Does PCI have teeth?

Submitted by Mike Rothman on Mon, 2006-09-25 13:53.

One of the things I've mentioned pretty frequently is the need for the PCI (payment card industry) standard to get some teeth (here, here, here). Now it seems (at least according to the Wall St. Journal) that enforcement is commencing on folks that can't get their PCI act together, which is GREAT.

Of course, I'll reserve my judgment until I see Visa and/or MasterCard take a bite out of some retailer's leg in a public way, but the early indications are promising. The WSJ (here - requires subscription I think) reports that MasterCard has already started fining organizations and Visa will begin this week, with fines ranging from $10,000 to $100,000 a month.

$100,000/month is still a rounding error for a mega-retailer, but it's not chump change either. That, combined with the recent update (PCI 1.1), which eases some of the restrictions in favor of compensating controls, makes it achievable for the larger retailers to get there, since much of this is stuff they should be doing anyway.

But as with most other things, I know of at least one group that will continue to profit mightily from the regulation, and that's the assessors that give the yay or nay on whether someone is "compliant."


Submitted by Datasecurity (not verified) on Sat, 2006-11-11 12:17.

Yes, it's true that companies that do not comply will face steep fines. The thing is, they have been reminded for years and years. For more information about PCI compliance, check out the blog:

http://datasecurity.wordpress.com/
