IMGCAP(1)]
Providing value to merchants should be the primary goal of independent sales organizations that offer data-security services to their clients, not generating additional revenue, industry observers generally agree. Some ISOs resell security services from third-party vendors to help their merchant clients comply with the Payment Card Industry security standards. ISOs typically charge merchants for such services, but the fees vary by company. "Our philosophy is not to lead with a revenue-generating approach," says Joan Herbig, CEO of ControlScan Inc., an Atlanta-based provider of PCI compliance and security products for small and midsize merchants. "We lead with the idea that a security program helps the merchant and makes them more secure," she says. Some ISOs, however, instruct merchants to become PCI compliant but do not provide security services and charge them fees for being noncompliant, says Valissa Kelly, vice president of sales and operations at Avid Payments, a Birmingham, Mich.-based ISO. "We are seeing it out there in the industry," says Kelly. Avid Payments has a mandatory security program for its merchants that costs less than $100 annually. "Our goal is not to increase revenue. Although we are generating some revenue, most of [the fees] go to education and security," she says.
