Wired has a really strange story about Cisero’s Ristorante and Nightclub being fined for PCI violations (and alleged breaches?), having money taken from them, then sued by their bank, and thus counter-suing their bank and effectively putting this whole PCI security process under a legal magnifying glass.
PCI sounds fine, it really does. But once you start looking at the various steps on their own, it really makes you feel dirty. It’s even dirtier when you start talking about arbitrary costs, rules, changes, and general lack of communication up and down the chain.
This may not be so much a problem of PCI, as opposed to a problem with how PCI is used by the merchants, banks, and Visa/Mastercard. No one wants to eat these costs, and the less-skilled persons (merchants) end up being responsible for highly technical issues.
Definitely a story to keep an eye on.