PCI SSC can be maddening, and yet we should be grateful

“So what you’re telling me is that if I don’t use your processor for my merchant services I can’t integrate.” This seemingly factual statement is a sentence that regularly rings through my phone. Is this statement a fact? Yes. Is it proprietary? No. Does this have anything to do with the PCI SSC? Yes. Let’s take these questions one at a time.

 

How isn’t this proprietary? For starters, we, AccuPOS, are not the processors. Secondly, we aren’t forcing you to use one particular processor; in the USA you have three options of processors if integrating your merchant services with your AccuPOS Point of Sale is your goal. And finally, we aren’t preventing you from using an alternate processor; we are just unable to open the software to its integration. You would still run your sales through your AccuPOS Point of Sale; you would just need to swipe the credit card on a stand-alone terminal.

 

What does this have to do with the PCI SSC? The Payment Card Industry Security Standards Council has created guidelines and regulations by which we all (merchants, banks, processors, hardware and software developers, and point-of-sale vendors) must abide. These guidelines have forced many of us developers and vendors to narrow the access to our software tremendously so that we are providing the highest level of security possible for our merchants: YOU. AccuPOS Point of Sale used to be compatible with software that allowed the integration of any merchant processor, which made it impossible to secure. Every processor needs a different set of pathways open, so this software would essentially keep them all open, giving access to anyone and everyone who knows a thing or two about programming, and thus hacking. So nowadays, in 2011, we are forced to write secure software pathways that are unique to each processor and closed to anyone else. Once this pathway is written, it must be scrutinized and tested by the PCI SSC before it is certified, and only then, tens of thousands of dollars later, is the partnership between POS and processor formed and integration made available to the merchant once again. As a merchant, in order to be PCI compliant yourself, you must prove that all elements associated with your network are PCI compliant themselves. Once that is done, you will be PCI certified and avoid charges from Visa, Mastercard and so on.

 

So why would we be grateful for this? The biggest reason I can come up with is that it protects your customers (I am a customer advocate to the core). All the information that is released into the ether every time we swipe a credit card is now safe because of these regulations. No one will be able to compromise your customers’ identities and blame it on you. I expect that over the next couple of years, identity theft numbers will drop in a big way. Another reason we can be grateful is that these guidelines push us towards integrating our merchant services if we weren’t already there. Integrating eliminates human error, putting more money in our pockets. Integration provides faster credit card approval through your Point of Sale and helps you blaze through that long line of customers. And mostly, you z-out once at the end of the night and you are done, done, done. No reconciling to do, no numbers to enter, just goodnight and thank you for securing my money and seeing that I get every penny I earned. Thank you, PCI SSC. You have been a huge pain over the last year, but I am sure next year I will look back and think of you fondly.