[B]David Hendricks[/B] - David Hendricks
We are all victims of credit card abuse and fraud, directly or indirectly.
Consumers pay fees and higher prices to cover losses.
But some fees punish the wrong people unnecessarily, and a Boerne antiques store provides an example.
Lynn Vogel, owner of Ivy Garden Antiques on Boerne’s South Main Street, is like many other storeowners who accept MasterCard and Visa credit cards as payment for store sales. Vogel uses First Data Corp. as an intermediary company that processes her transactions for MasterCard and Visa.
Vogel recently received a letter from First Data saying she must pay a new annual “compliance” fee of $139.75 because of a new security standard that has been adopted by the credit card industry. The new industry rule is called Payment Card Industry Data Security Standards, or PCI DSS.
The fee pays for analysis of her transaction data for security purposes.
The First Data letter is full of gobbledygook. Still, it clearly informed the Boerne merchant, as undoubtedly millions of other merchants are being informed, that if the fee is not paid, First Data would cut off her credit card terminal.
Vogel doesn’t think the fee is fair because she doesn’t understand what benefit she would receive.
“I think it’s awful,” Vogel said, pointing out that if every merchant paid such a fee, it would add up to millions or billions of dollars. “I think Main Street is doing a bailout for MasterCard and Visa.”
She’s right. MasterCard, Visa and other credit card companies decided on a new security standard, but they aren’t paying for it. The credit card companies are asking for compliance reports from the intermediary companies, such as First Data.
First Data is passing on the security costs to the merchants. The merchants, if they can, must pass it on to consumers.
Vogel may not be able to do so. “We’re hanging on by our fingernails and toenails. It’s tough,” she said.
MasterCard spokesman Tristan Jordan said the credit card companies do not set the fees. Each intermediary – Jordan calls them “acquirers”-- charges fees in different ways and amounts. Vogel could, Jordan said, shop around for another intermediary company that charges less.
Vogel said First Data told her that fees at other companies are much higher.
First Data declined to reveal its fee formula for retailers. In an e-mail statement, the company said, “We devote significant resources to remaining compliant with evolving security standards in the industry … Protecting consumer data is an ongoing effort that ultimately benefits customers and businesses alike.”
But no one is saying how much profit they will make off the fees retailers must pay. There’s no transparency.
The new security steps are meant to stop the kind of security breaches that allowed critical customer information to fall into unauthorized hands, such as when the computer of TJX Cos. Inc., parent of retailer T.J. Maxx, was hacked in 2007.
In fact, Internet chatter about PCI DSS blames the new standard and its costs on T.J. Maxx. MasterCard’s Jordan said the credit card industry started work on the new standard before the T.J. Maxx incident.
Vogel sees a difference between the security needed for chain retailers and for her store. “We’re in a small town,” she said. “We don’t have a Web site. We just have a phone line connected to a terminal.”
The credit card companies that approved the new security standard – MasterCard, Visa, American Express, Discover and JCB – should have added their new standard’s price tag to their cost of doing business. Instead, they passed it on to the merchants’ cost of doing business.
For small businesses, it’s another penalty for trying to make a living.