Tony Hughes rang from Ballakermeen Stores in the Isle of Man after receiving a letter from AIB (GB) Services, telling him he needed to join a compliance scheme that provided card protection. “They seem to be forcing us to join it at a small cost, and threatening us with a penalty if we don’t,” says Tony.

He wanted to know whether he had to join.

I wrote about the snappily-named Payment Card Industry (PCI) Data Security Standard (DSS) programme a couple of times last year. All merchants are supposed to comply with the PCI DSS, which essentially means you fork over some £30 and report to a website, or over the phone.

The first time I wrote on this subject I assessed this fee as a penalty to prevent further penalties if anything went wrong and I wondered whether anyone had found a way around it, such as self-assessment. The second time I called it ‘Got you by the short and curlies’, so that’s probably the answer.