House Price Crash Forum

Archived

This topic is now archived and is closed to further replies.

man o' the year

The new Banking Scam : PCI Compliance


I have written before about the banks having to find new ways to make money.

I have discovered recently that I (my business) am the victim of the new one, namely PCI compliance, i.e. securely holding card payment details for card service providers.

As you may be aware I have been away from my business since December and this has exacerbated the situation, making it more difficult to deal with and delayed any potential solution (although the situation is still ongoing), and of course costing me more money.

With no real notice the bank (Lloyds Cardnet) is charging £20 plus VAT per month for non-compliance as a punitive measure against supposedly not following agreed procedures to keep card details safe. We do hold card details securely. The charge began in December and we were first told in February, when I reacted by completing the compliance online. They continued to charge and we were again informed in October. I did not know in the meantime as, as I say, I am away from the business. Staff at my business informed me and this time I completed compliance over the phone with them.

We are still being charged and I have spent 2 more frustrated days, having been assured of call backs which never happen, on the phone to complain. There is however cleverly no way to get through to customer care and two other companies are being used to blur the lines and provide the now standard excuse of "I don't have that information you will have to ring ..."

I have even had someone say to call this number instead and then give me the number I actually rang.

It is looking like we will have to put up with this one and move to another card services provider.

So much for my problems but this must be netting the bank £millions and is nothing but a scam as can be seen from their non-existent customer care.

I would try another court case after my recent success but more hassle is the last thing I need at the moment.

 


Any help from the banking ombudsman?  I realise they're all part of the system but you'll have kept a contemporaneous record of your contacts with the bank in trying to sort it all out. 


£20+VAT a month for non-compliance. I'll need to find the guidelines, but non-compliance should mean no credit card functionality, not "here's a small fine, keep going as before".

 


I will likely take it on when the stress of other things is out of the way. In the meantime I am exploring other providers.

My main point is that this will be making £millions for them, especially judging by the busyness and ineffectiveness of their help line.


Data security is obviously important, but the annual self-assessment questionnaires to become PCI compliant and changes you have to make to systems can be horrendously over the top and are getting more onerous each year. Even if you don't record calls, or store card numbers anywhere in your systems.

We looked at de-scoping the office from PCI DSS and using a third party, but the costs were too high.

We'll be moving to Stripe or GoCardless.

 

 


Every year it's a pita to complete but I try and get it out of the way to avoid paying fees each month. I don't consider myself a complete thicko but it's a really trying process. Some of the questions are clearly based on things only someone who creates websites would know. 

I'm with Worldpay and I think they charge around £20 a month for non-compliance. I have to say I find Worldpay helpful and they've refunded any overpayment taken once certificates have been uploaded.

I did a stint once with First Data, never again. I lasted 12 months and ended up buying out of the contract (well truth be told, being paid by the company who set it up to buy myself out of the contract).

I went back to Worldpay, my original provider and I do find them very good. I'm also a member of FSB so get a bit of a discount too. 

2 hours ago, Reck B said:

Data security is obviously important, but the annual self-assessment questionnaires to become PCI compliant and changes you have to make to systems can be horrendously over the top and are getting more onerous each year. Even if you don't record calls, or store card numbers anywhere in your systems.

We looked at de-scoping the office from PCI DSS and using a third party, but the costs were too high.

We'll be moving to Stripe or GoCardless.

Surely you need a combination of the 2. GoCardless is more direct debits than credit cards.

4 hours ago, Battenberg said:

Every year it's a pita to complete but I try and get it out of the way to avoid paying fees each month. I don't consider myself a complete thicko but it's a really trying process. Some of the questions are clearly based on things only someone who creates websites would know. 

I'm with Worldpay and I think they charge around £20 a month for non-compliance. I have to say I find Worldpay helpful and they've refunded any overpayment taken once certificates have been uploaded.

I did a stint once with First Data, never again. I lasted 12 months and ended up buying out of the contract (well truth be told, being paid by the company who set it up to buy myself out of the contract).

I went back to Worldpay, my original provider and I do find them very good. I'm also a member of FSB so get a bit of a discount too. 

I agree with your opinion regarding First Data who are without a doubt the worst company I have ever had any dealings with. Truly awful.

Thank you for the rest of your post. It is useful.


Big vote from me for Stripe, as with their solution you can still take the card payment details on your web site and be PCI compliant due to the way they handle the authorisation, and by reducing bouncing a customer to a third party site conversion rates usually increase. If you are doing decent volumes they are also likely to beat whatever fees your current payment provider is charging you.
