Quoted

Jun 22, 2016

Michelle Cohen Breaks Down FTC Complaints About the PCI Council & Antitrust Law

The US National Retail Federation (‘NRF’) announced on 2 June 2016 that it has written to the US Federal Trade Commission (‘FTC’), requesting that the FTC open an investigation into the Payment Card Industry Security Standards Council (‘PCI Council’), the credit card industry body that sets the PCI-DSS standards, on the basis of antitrust concerns.

The NRF lists among its concerns that the PCI is not an open organisation but rather one under the control of major credit card networks, and that the PCI-DSS are not standards that meet Congress and FTC-approved principles around voluntary standard-setting bodies. “The NRF has concerns that retailers and their customers have no ability to modify the PCI standards – the card networks set them, and require business owners to abide by them,” said Michelle Cohen, Member at Ifrah Law PLLC. “Business owners, in turn, need to be able to accept credit and debit cards, and thus have to accept the terms in order to have transactions processed.”

“The NRF contends that PCI stifles competition by consuming funds that could be used for other, innovative and perhaps more secure payment technologies, instead requiring merchants to use the PCI standard,” continues Cohen. “In short, the agency contends that the card networks are using their enormous market power to force the PCI-DSS standards on merchants, and ultimately, consumers.”