IMGCAP(1)]
A minority of merchant-service providers charge data-security fees to their merchant clients, yet more providers are likely to begin charging such fees, industry insiders generally agree. Approximately "10% to 20% of service providers" charge fees related to data-security services, says David Taylor, founder of PCI Knowledge Base LLC, a Highland Village, Texas-based research firm focused on payment-data security. Some independent sales organizations resell security services from third-party vendors to help their merchant clients comply with the Payment Card Industry data-security standards. ISOs typically charge merchants for such services, but the fees vary by company. "It's not the majority" of service providers currently charging fees for such services, but "it's certainly going to double or triple from where it is now," Taylor predicts. Indeed, interest in reselling PCI standard-compliance services is "growing" among ISOs, says Joan Herbig, CEO of ControlScan Inc., an Atlanta-based provider of PCI compliance and security products for small and midsize merchants. "We have seen dramatically more interest from ISOs and banks that's driven by the mandates coming down from the card companies that require merchants to become PCI compliant," she says. There is "quite a range" in the amounts that ISOs charge merchants for data-security-related services, says Sean Fury, director of business development at SecurityMetrics Inc., a Salt Lake City-based provider of PCI security products and services. The average fee is roughly $75 to $100 annually, he estimates.
