The Visa Blink

Written by Evan Schuman
August 16th, 2007

The love-hate relationship that is the American retailer-bank-credit-card marriage is nothing if not complex.

There are few partners that ignite such wrath and venom within retailers than their credit card partners and their?well, let’s just say “generous”?interchange fees. On the flip side, the banks and credit card firms seeing themselves as having to pay the PCI piper whenever there’s a data breach, even if?from the bank/card perspective?that breach was the fault of the reckless retailer.

But like so many business relationships, hatred can be trumped by only one thing: greed. Which is the most terrifying? The prospect that a retailer may no longer be able to accept major credit cards or that the banks and card companies will lose all of that revenue to alternative payment vendors?

The headline for this piece said that Visa Blinks, which it did. But that phrase traditionally equates blinking with losing, borrowed from the classic staring contest. That’s not how we mean it. In some cases?such as this one?blinking can be a realistic conclusion that flexibility may be the best course.

For more than a year, Visa has tried multiple variations of carrot and stick to get retailers PCI compliant. The stick has always been that fines and higher interchange fees will kick in after Sept. 30, 2007, for those retailers who are not certified PCI compliant.

Now that the date will happen next month, Visa and others are softening their position. Instead of being shut out from discounted interchange fees, non-compliant retailers (bad boys being banned from binary benevolence?) are being told they can have their discount fees, but not as much of a discount. The fines will indeed start but not for everyone. Possibly not for anyone. Full Visa discretion.

That’s probably a good and practical approach. But is going to advance their stated position, namely to get more retailers compliant? Unlikely as it’s not addressing the reasons those retailers have resisted compliance in the first place.

There are two kinds of non-compliant Level 1 retailers out there and both truly want to be compliant: those that are trying, but can’t get over PCI hurdles to get the certification; those that aren’t trying anymore, either because they’ve given up or they never cared that much.

Visa’s efforts assume that all retailers are in that second category, that is they are only sufficiently motivated, they’ll make the effort to get compliant.

But for most of the retailers I hear from, their complaints are focused elsewhere. Number one on the list: we can’t afford to make the chain secure up to PCI’s specs. For some, it’s just griping, but for many, it’s a very legitimate complaint. With margins so razor thin, it can’t make sense for any retailer to lose money for the privilege of accepting credit cards.

Granted, this isn’t the case for all Level 1s, but it’s a huge concern for many mid-size retailers. Ironically, it’s not as much of a concern for super small retailers because the dollars required to get them up to PCI specs are much less.

In short, for smaller merchants, Visa’s probably right. For them, it is mostly an attitude adjustment. For many Level 1s, though, it’s a very different story.

Then there are the complaints about consistency and conflicts of interest. But the process of getting certified compliant is quite time-consuming. There’s probably a bit of logic in reallocating a chunk of the effort Visa is using to threaten retailers and put it toward making the certification process simpler, easier and much less time-consuming.

If the focus is placed on making it less expensive?being respectful of the retailers’ right to make a living?and a lot faster, there’s a fine chance Visa might be able to save its threats for mid-sized retailers who need the motivation.


One Comment | Read The Visa Blink

  1. Kevin Says:

    I think the whole issue of interchange fees is something that needs a lot more transparency – I definitely feel that a lot of smaller merchants are getting hurt by these fees and can’t do a lot about it. Additionally, because the general consumer is unaware of these fees they also don’t realize what their rewards programs are doing in regards to these. I do some work with the MPC and when gas prices were high, these fees took a large amount of profits away from gas stations – to the point that they were only making money from their non-gas item sales because of the popularity of credit cards now.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.