Many PCI compliance programs that independent sales organizations (ISOs) and acquirers offer their merchants are beginning to prove their value, says Deana Rich, president of Van Nuys, Calif.-based Rich Consulting.
The compliance programs emerged within the past few years as acquirers received pressure from the card brands to increase PCI data security compliance among smaller merchants.
Acquirers typically assess merchants a monthly or annual fee for the programs, and merchants receive a variety of services, including scans to identify potential security holes and assistance in completing self-assessment questionnaires required by the card brands.
Compliance program fees vary, and some ISOs and acquirers are not charging merchants for these services.
“About a year and a half ago, people were ignoring it,” Rich says of industry reaction to compliance programs. “But they charged for them anyway.”
Now, that has changed. Many payment companies have set up in-house procedures to ensure merchants receive the service they pay for, says Rich, who advises payment companies about risk and security. The payment-security companies contracted to provide the compliance evaluation service are reaching out to merchants in a variety of ways, such as by calling them. “[Merchants] are paying a fee, but they are getting a service,” she says.
Rich surmises that ISOs have become aware of the necessity of ensuring their merchants comply with the PCI data security measures, especially if merchants question what the fees are for.
“ISOs really understand there are repercussions if they don’t provide something [worthwhile] to their merchants,” Rich tells PaymentsSource.