IMGCAP(1)]
Charging merchants fees for security-related services or noncompliance with Payment Card Industry data-security standards motivates reluctant merchants to become compliant, argue some observers. Independent sales organizations that charge both fee types have more compliant merchants in their portfolios than those who do not charge both fees, notes Wenlock Free, vice president of business development at SecurityMetrics Inc., a Salt Lake City, Utah-based provider of PCI security products and services. The noncompliance fee is "the motivator," he says. Some ISOs resell security services from third-party vendors to help their merchant clients comply with the PCI security standards. ISOs typically charge merchants for such services, but the fees vary by company. Charging merchants fees "make a tremendous difference" in boosting compliance levels, agrees Doug Klotnia, general manager of the compliance division at Trustwave, a Chicago-based payment-security company. Encouraging merchants to adopt more-secure technology and operations and offering them optional third-party security services was not effective at boosting compliance rates for many service providers, he says. Once ISOs levied fees and made security programs mandatory, "the merchants behaved differently," he says.
