Retailers are lobbying the payment industry in a bid to scrap the fines they are being forced to pay for not yet being compliant with the Payment Card Industry Data Security Standard (PCI DSS).
The British Retail Consortium Brussels director Alisdair Gray said the body has written to Visa, American Express and MasterCard to get the fines scrapped or reduced.
The payment card brands levy fines on acquiring banks if their merchants have not met the PCI DSS requirements, but the banks can pass these on to individual retailers.
Retail Week revealed in February last year that retailers were receiving warning letters regarding fines. It is understood these fines are now beginning to be levied.
In the letter, seen by Retail Week, BRC director-general Stephen Robertson said retailers are struggling to comply with the standard, even though they have invested substantial sums in compliance projects.
The BRC said retailers have made substantial efforts to meet the compliance requirements, and the fines are particularly unfair on smaller retailers that process far fewer card transactions each year.
The letter said full compliance with the standard “may not ultimately be achievable for a number of reasons”, including the interpretation of the standard by different Qualified Security Assessors and lack of acquirer assistance, particularly for smaller merchants.
It said the “ongoing and variable nature of the requirements means that their projects can never be fully concluded and they will be susceptible to significant ongoing costs”. Gray said that so far only MasterCard has responded and the BRC is waiting for responses from the other two card schemes.
Separately, Retail Week has learned that retailers not yet compliant with the standard are finding they cannot negotiate per-transaction payment processing rates with their acquiring bank that are as competitive as those they would get if they were compliant. This could mean retailers are paying substantially more in card-processing fees each year.