The payment industry is caught up in a security quandary. The PCI DSS has provided a set of rules in an attempt to shore up protection of cardholder data and improve the overall security of the payment system. But the new regulations, system changes, documentation, audit requirements, and threat of financial penalties have imposed new burdens on merchants and payment intermediaries prompting some to question whether the gain is worth the pain. Whereas convenience was once the hallmark of credit, debit and ATM card networks, these days regulatory issues, liability concerns, and financial costs that now extend well beyond interchange fees have dampened the mood of card accepting retailers to the point where cash and checks look more appealing. Now merchants and other payment system intermediaries are being asked to invest even greater sums in technology to further secure the cardholder. Will these investments payoff or invite more oversight, regulation and needless cost?