Just had a meeting with our bank manager yesterday and he asked if we were compliant with the new security measures for credit card transactions. We did this in May. He said, "Good, because those charges are going to go drastically up at the end of the year."

Basically, we had to sign our life away so that the bank can't be liable for any stolen credit card data that we take. Currently, they're taking just under one percent if you aren't compliant but this is a heads up.

any more info on this much appreciated.

Hi Am only at stage of looking into getting a card terminal, but am told by one supplier there will be new legislation coming in whereby banks will in effect do an annual audit of how we keep customer card details. Naturally there will be a charge (yet another one) of £30 per annum if you take card details over the phone and use chip and pin, or £100 per annum if you have a on-line booking facility which also takes card payments (the cost of progess).

Sorry don't have any further details at this stage

This is the PCI DSS regulations that I started a thread about two months ago on one of the other forums.
As usual with these regulations there is a lot of mis-information and bogus charges.
The PCI DSS regulations ONLY COVER ONLINE TRANSACTIONS.

Basically the credit card companies have withdrawn your access to the CVS code (three digits on the back strip) and your right to store it in any way unless you comply with a huge amount of data protection. These regulations do not appy to telephone or written transactions. So your bank is exceeding their authority if they want to audit all your credit card records. I have heard of one hotel booking system provider who is charging £1000 to their customers to 'make them PCI compliant."

There is a simple way round this.
1) Use a proper credit card company not your bank. You will save a shed load of money on fees (my banks best offers was 2.75% but I now pay 1.5%.)

2) For your online booking system use a proper payment gateway supplier such as SAGEPAY. How this works is that the guest books on your site and then to pay, they are transfered to the payment gateway who does all the credit card transaction part, takes the credit card details and send the money to your bank. You never need to get the card details, never need to comply with the regulations because SagePay does all that but you get the deposit money. You can even reverse the deposit if need by on the SagePay website.

3) Then you charge the persons card when they check out using your PDQ machine or online terminal and again avoid the PCI regulations because they only cover 'customer not present transactions' and you never need to store the number because the customers card is in your hand.

4) Tell your bank that you comply with the regulations because you do not handle CVS numbers when customers are not present.

Visa is set to launch it's own network and roll out credit cards that also work as debit cards. This will in effect give them a monopoly on transactions and they can charge the merchant (and thus the consumer) what they want. Visa argues that it is up to the consumer to choose which network they want to process their transaction. Legislation is now being drafted in some countries to allow merchants to choose the network that charges the lowest fees.

Thanks for all that info. Very useful and good of you.

Just done my PCI compliancy form over the internet and it was full of banking jargon and lingo - I had to call the help line (high charge number) for assistance in the end - glad I did as I would have made a right pigs ear of it if I had done it myself. I think I am now being charged an extra £5 a month for all this parlarva. What next I ask myself?