Senior payment executives’ thoughts on SME PCI compliance and security
Acquirers now hold higher expectations for compliance than they did 12 months ago, Sysnet Global Solutions has established.
What is your current compliance rate?
The annual report, which surveyed 30 global acquirers, found these providers now expect their level 4 merchant client-base to be performing at PCI compliance rates of 70 per cent or above – with none of those surveyed indicating 50 per cent or less as acceptable. In sharp contrast to this expectation, only 11 per cent of respondents currently have a compliance rate of greater than 70 per cent.
Acquirers also believe they have more responsibility and a duty of care to their merchants with eight in ten wanting to do more to drive awareness of compliance matters within their client-base. This is particularly pertinent when it comes to educating SMBs, with three quarters (75 per cent) of respondents believing that their merchant customers do not understand the need for compliance.
This change in opinion may have been driven by the advancement of managed services which are now deemed critical to the compliance process. These services have been particularly beneficial to SMBs, as processes and services are tailored to meet smaller businesses’ resources and requirements.
The report further establishes that the majority (72 per cent) of those surveyed want to move away from obtaining income through PCI non-compliance fees, an increase of 20 per cent on last years’ figure.
Almost 60 per cent believe that adding merchants to a managed compliance service is a viable alternative to charging for non-compliance. By ensuring merchants are compliant and secure, and moving away from these non-compliance fees, customer relationships are improved and risks are reduced for both merchant and acquirer.
This is a particularly important change for acquirers as, when merchants fold due to being unable to pay the fines associated with a breach, the cost falls to them. Although non-compliance fees generate lucrative revenue now, this may have a detrimental outcome in the long term.
By taking a preventative approach to non-compliance, merchants are able to flourish and grow. This is fueled by the fact they will no longer be impacted by complex compliance regulations, which, more often than not, they do not fully understand.