Visa backs down on Sept. 30 PCI DSS deadline

After almost a year spent publicly warning large retailers of the need to comply with the draconian security requirements of PCI DSS, it seems that Visa is starting to back down from its Sept. 30 deadline.

Visa's problem is that only a small percentage of large retailers have apparently implemented security systems that comply with the new requirements.

And if it blocked those retailers from processing Visa cards, it could lose serious mounts of money to MasterCard, which controls Maestro, as well as Diners Club and American Express.

Rather than block non-compliant merchants, Visa member banks are starting to say that merchants will not qualify for the heavy duty discounts available to large companies from October 1 - unless they start changing their systems to meet the PCI DSS requirements.

If the merchants concerned haven't managed to meet the requirements by Sept. 30, then some transaction processors are offering a payment equivalent to three months' interchange fees prior to the date.

In essence, this appears to reward those major retailers who are doing something to meet PCI DSS compliance requirements, but can't meet the Sept. 30 deadline.

Nothing like a carrot and stick approach to work wonders...