Meanwhile, compliance among level-two merchants - those processing one to six million transactions - jumped even more dramatically, from 15 percent to 43 percent over the same time period.
The level-ones have the higher percentage because Sept. 30 marked the deadline for them to be compliant. Level-twos have until the end of the year.
This is certainly good news. Although it begs the question, especially with the level-ones, what's up with the other 35 percent? Visa claims, I stress claims, it has begun issuing fines of up to $25,000 to those acquiring banks whose merchants are not in compliance. (The banks typically pass the fines down to the retailers, setting up a weird dynamic in which they are penalizing their customers).
Certainly big businesses face real challenges becoming compliant, whether it be transitioning from legacy systems or getting the necessary funding. But there still appears to be a semblance of indifference when it comes to PCI.
That may be partially to blame over contention between the merchants and the merchant banks and credit card companies. Not only are there disagreements over who should be responsible for fraud-related and card reissuance costs but also whether the banks are really forcing the merchants to hold on to the data for things such as chargebacks and returns.
Depending on who you ask, you'll get a different response. We'll explore this in our December issue. It's sure to be a timely, hot-button story.