PCI DSS was set up to help secure businesses process card payments and fight fraud. Robust controls are designed to protect the storage, transmission, and processing of cardholder data that businesses handle. Merchants that fail to comply with the standard can attract non-compliance fines and may see their relationship with their acquirer terminated, which, in turn, leaves them unable to accept card payments.
Acquiring banks are obliged to take a tough stance on PCI DSS compliance. This is because fraudsters target weak links in the payment chain to steal payment data (card numbers and card security codes) and customers’ personal information, such as names, addresses, phone numbers, email addresses, and dates of birth.
If and when a data compromise occurs, fines associated with non-compliance can reach hundreds of thousands of pounds; many non-compliant merchants have ceased trading because the fines could not be accommodated. This is in addition to the significant harm caused by associated reputational damage, so is it any wonder that the PCI Security Standards Council refers to surveys suggesting that 60% of small and medium businesses closed within six months of a payment data breach?
While penalties for PCI DSS non-compliance are on a more modest scale, they are a not-inconsiderable source of revenue for acquirers – although this is not a sustainable long-term revenue stream.
We know that merchants want to comply with PCI DSS and recognize the value of increasing customer confidence in the security of their transactions. However, merchants face several challenges, most notably:
Many companies offer security products for SMBs but not the management of those tools. Acquirers using a managed service for PCI DSS compliance can give their merchants access to a service that costs less than most fines for non-compliance while boosting all aspects of the business’s security, from firewalls to anti-virus protection. It’s a win-win.
SMBs want to be compliant but don’t always know what they need and often feel overwhelmed by the process. This isn’t surprising: merchants want to focus on selling their products and services, knowing that effective security requirements are being delivered for them at a cost they can afford while ensuring compliance with standards that keep their customers secure.
Giving merchants greater choice for PCI DSS compliance and cybersecurity is an attractive proposition for acquirers. Acquirers, like Elavon, have recently migrated hundreds of thousands of merchants to a managed-service platform enabling their merchant customers to complete their compliance on a self-serve basis or allowing expert agents to manage data security and compliance on their behalf.
As well as generating revenue from security tools that enhance their customers’ cybersecurity, acquirers also gain a greater understanding of where the risk lies within their customer base, enabling them to take steps to address that risk.
The industry hasn’t done enough to help small business merchants with their security issues. In the past, security solutions have focused on a portfolio subset such as e-commerce rather than providing a holistic solution.
As a result, many merchants are paying non-compliance fees rather than addressing shortcomings in their security protocols. This is absurd when managed services provide a unique opportunity for acquirers to retain key relationships with merchants while helping them keep customers and build loyalty. It is the shared responsibility of the industry to ensure compliance can be met affordably and without leaving chinks in the armory of businesses, no matter their size.
Trusted by 1,000+ leading companies to reduce fraud and improve consumer experiences. Contact us today to learn how you can frictionlessly secure your digital consumer journey — from onboarding to ongoing transactions.
Tap the button below to read our latest white-paper on the subject as industry leaders.
Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.
Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.
Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.
Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.
Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.
Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.