Total System Services Inc. is seeking a bigger share of small-merchants' online transactions by expanding the processing services it offers to acquirers.
The Columbus, Ga., card processor announced a partnership agreement Monday with ControlScan Inc. in Atlanta to help small merchants comply with the Payment Card Industry data security standard.
The company said its TSYS acquiring solutions unit would work with ControlScan, a provider of third-party verification services, to offer acquirers a variety of tools for use in improving merchant PCI compliance rates, especially at small to midsize merchants.
Matt Talbot, the TSYS unit's vice president of product management, said in an interview Monday that acquirers have been increasing their efforts to improve small-merchant compliance and some have been "very proactive."
Among smaller merchants, PCI compliance lags. Visa Inc., the San Francisco payment card company, reported in January that 99% of its largest merchants, those with more than a million Visa payment card transactions per year, have confirmed that they do not retain prohibited data but that about 25% of merchants with 20,000 to 1 million online transactions per year were only then going through the initial validation process.
Bruce Cundiff, a research analyst at Javelin Strategy and Research in Pleasanton, Calif., said that offering ControlScan's verification service could help TSYS compete more effectively against rivals such as the online payment processor CyberSource Corp. of Mountain View, Calif., which already offers such services.
The verification service is a natural extension of the payment processing that TSYS already does for acquirers, Mr. Cundiff said.
With the big merchants largely taken care of, it is time for the card industry to increase its attention to smaller e-commerce merchants, he said. "They don't have the money. They're not going to undertake some arduous process to become PCI-compliant without some assistance from their acquirer."
Mr. Talbot said that market competition is a factor but that the larger issue is the growing pressure on merchants of all sizes to guard against data breaches. "We've had a lot of demand from clients, who look to TSYS as an industry leader to provide the services they need."
TSYS has worked previously with ControlScan, introducing it to acquirers that sought help on PCI compliance, Mr. Talbot said. "This goes one step further. It is now a formal partnership."
Until December, when TSYS was spun off by Synovus Financial Corp. of Columbus, a family connection existed as well. Synovus had an investment in ControlScan through Total Technology Ventures LLC, a venture capital firm it created in 2000. A TSYS spokesman said Synovus retained Total Technology in the spinoff.
The decision to work with ControlScan was not related to the previous relationship, Mr. Talbot said. "There's a segment here of small and medium-size e-commerce merchants for whom this is going to be absolutely the right solution," he said.
The program offers merchants a variety of tools, including a self-assessment questionnaire, survey completion assistance, and access to technical experts to find and fix data vulnerabilities.
Many small merchants simply sign up for Web hosting services to provide their online shopping carts, Mr. Talbot said, but lack a plan to respond to a security breach. "If there is a Web breach, the business owner doesn't have a staff of people there who can get involved," he said.
ControlScan says on its Web site that 1,000 online merchants worldwide use its verified secure service.
