Adding Value to Acquiring Bank Portfolios With Managed PCI Compliance

March 4, 2021

PCI DSS was set up to help secure businesses process card payments and fight fraud. Robust controls are designed to protect the storage, transmission, and processing of cardholder data that businesses handle. Merchants that fail to comply with the standard can attract non-compliance fines and may see their relationship with their acquirer terminated, which, in turn, leaves them unable to accept card payments.

Acquiring banks are obliged to take a tough stance on PCI DSS compliance. This is because fraudsters target weak links in the payment chain to steal payment data (card numbers and card security codes) and customers’ personal information, such as names, addresses, phone numbers, email addresses, and dates of birth.

If and when a data compromise occurs, fines associated with non-compliance can reach hundreds of thousands of pounds; many non-compliant merchants have ceased trading because the fines could not be accommodated. This is in addition to the significant harm caused by associated reputational damage, so is it any wonder that the PCI Security Standards Council refers to surveys suggesting that 60% of small and medium businesses closed within six months of a payment data breach?

While penalties for PCI DSS non-compliance are on a more modest scale, they are a not-inconsiderable source of revenue for acquirers – although this is not a sustainable long-term revenue stream.

Overcoming barriers to compliance

We know that merchants want to comply with PCI DSS and recognize the value of increasing customer confidence in the security of their transactions. However, merchants face several challenges, most notably:

  1. Time and resources: SMBs understand the importance of cybersecurity, but it gets pushed down the list of priorities by the day-to-day tasks necessary to keep the business running.
  2. Technical requirements: The compliance process can be complex, and the vast majority of merchants don’t have in-house IT staff with the required technical skills.

Many companies offer security products for SMBs but not the management of those tools. Acquirers using a managed service for PCI DSS compliance can give their merchants access to a service that costs less than most fines for non-compliance while boosting all aspects of the business’s security, from firewalls to anti-virus protection. It’s a win-win.

SMBs want to be compliant but don’t always know what they need and often feel overwhelmed by the process. This isn’t surprising: merchants want to focus on selling their products and services, knowing that effective security requirements are being delivered for them at a cost they can afford while ensuring compliance with standards that keep their customers secure.

Giving merchants greater choice for PCI DSS compliance and cybersecurity is an attractive proposition for acquirers. Acquirers, like Elavon, have recently migrated hundreds of thousands of merchants to a managed-service platform enabling their merchant customers to complete their compliance on a self-serve basis or allowing expert agents to manage data security and compliance on their behalf.

Improved customer insight

As well as generating revenue from security tools that enhance their customers’ cybersecurity, acquirers also gain a greater understanding of where the risk lies within their customer base, enabling them to take steps to address that risk.

The industry hasn’t done enough to help small business merchants with their security issues. In the past, security solutions have focused on a portfolio subset such as e-commerce rather than providing a holistic solution.

As a result, many merchants are paying non-compliance fees rather than addressing shortcomings in their security protocols. This is absurd when managed services provide a unique opportunity for acquirers to retain key relationships with merchants while helping them keep customers and build loyalty. It is the shared responsibility of the industry to ensure compliance can be met affordably and without leaving chinks in the armory of businesses, no matter their size.

Keep reading

See all blogs
2024 Mobile Fraud Market Trends in the UK and Europe

The UK and Europe are experiencing a massive increase in mobile fraud. Consumers, businesses, and government agencies are alarmed and pondering their next steps as they prepare to deal with several emerging trends that have surfaced in 2024.

Charlie Rowland
June 18, 2024
Prove’s Brad Rosenfeld Explains the New Customer Onboarding Process on Fast Company

No longer confined to top-of-funnel engagement and brand awareness, CMOs are now leading efforts to shape the entire customer experience journey.

Kaushal Ls
June 6, 2024
PYMNTS TV: Prove CEO Rodger Desai Explains Need for Phone-Based Approach to Authentication

Prove’s CEO Rodger Desai was featured recently on PYMNTS TV, where he met with PYMNTS CEO Karen Webster to discuss trends and shifts in the identity verification market.

Kaushal Ls
June 4, 2024