PCI – What is it? We can only begin to imagine the losses, liability and other consequences resulting from unauthorized access to credit card information, which, unfortunately, happens all the time. To attempt to deal with this problem, the credit card industry developed the Payment Card Industry (PCI) Data Security Standard (DSS) or PCI DSS to ensure that companies that process, store or transmit credit card information maintain a secure environment. Compliance with these standards is required of all merchants authorized to accept credit card payments. In 2006, the major credit card companies (Visa (V), MasterCard (MA), American Express (AXP), Discover (DFS) and JCB) created the payment Card Industry Security Standards Council (PCI SSC) to manage the ongoing development of the PCI DSS. However, the credit card companies and not the PCI SSC, are responsible for enforcing compliance. For those interested and brave enough, a copy of the PCI DSS can be found here. It is important to note that PCI compliance, for the most part (more on that later), is not law.

Scope of Obligation: Using a third party to process, store or transmit credit card information does not remove a merchant’s obligation to comply with PCI DSS for these functions. Therefore, the merchant is responsible to see to it that the third party providing these functions is compliant, or face the consquences. Section 12.8.2 of PCI DSS requires a merchant to “[m]aintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of cardholder data the service providers possess.” Merchant’s can’t assume that third party vendors are PCI compliant. Also, don’t assume that if your site has SSL certificates that you are compliant with PCI DSS. Remember, all service providers that touch, manage and/or store a merchant’s credit card information are the direct responsibility of the merchant.

On February 12, 2009, the Federal Trade Commission (FTC) issued: FTC Staff Report: Self-Regulatory Principles For Online Behavioral Advertising. This document contains guidelines for self-regulation, and, there are indications that if the guidelines are not followed by successful self-regulation, then the FTC will impose binding regulations. Something that most industries don’t wish to see.

Background: Last March, the Interactive Advertising Bureau (IAB) announced that revenue from advertising on the Internet in 2008 surpassed $23 billion in the U.S. It is this ad revenue that in large part allows for the almost universal offering of free content. Therefore, continued strong and increasing revenues from ads is critical to maintaining a free of charge Internet.

Background: Last year, New York started requiring certain out-of-state online vendors to collect and pay New York sales tax on purchases made by New York residents. This has become known as the “Amazon tax,” because Amazon (AMZN) was one of the high profile sites affected and embroiled in the ensuing controversy.

In order to impose sales tax collection requirements on out-of-state vendors, New York had to get around the 1992 U.S. Supreme Court ruling in Quill v. North Dakota (504 U.S. 298 (1992)), which held that out-of-state retailers cannot be required to collect sales tax on sales to persons in states where the retailer does not have a physical presence, because requiring merchants to adhere to the complexities of the state and local tax codes would place an unreasonable burden on interstate commerce.

The Battle: A battle has raged for some time against Google (GOOG) because it sells trademarks as keywords in its very profitable Adwords service. Businesses may purchase keywords containing the trademarks of their competitors. So, when the competitor’s trademark is entered as a search term, Sponsored Links of the company that purchased the keywords will appear along side of search results. For example, someone searches for “Ford Trucks” and Sponsored Links for Toyota Trucks might appear.

To make matters worse, Google does not only allow businesses to purchase competitors’ trademarks as keywords, but actually recommends this practice through its Keyword Suggestion Tool. For simplicity, I’ll refer to the purchaser of the trademark keyword as the “Advertiser.”