Thursday, February 12, 2015
According to The Impact of Breaches: A Survey of MAC Members on the Realities of Data Breaches, merchant PCI compliance is lower than most stakeholders are willing to admit. And it suggests that “the relatively low number of breaches and the small amount of fines assessed” provide acquirers and processors with “little incentive to quell breaches through proactive measures." Thus, they opt instead to either absorb losses or pass them on to merchants.
“Acquirers should take a more active role with the breach problem by investing in technology that protects merchants while they process payment data. Merchants may perceive this value-added service as a reason to continue their current processing relationship, and it could offer acquirers a competitive advantage,” wrote Dr. Branden R. Williams, a technology and information security consultant commissioned by MAC to query members about PCI compliance trends. Williams believes EMV (Europay, MasterCard and Visa) technology may be more readily accepted by merchants than PCI has been, “especially since enablement happens directly in the terminal,” he stated in an email exchange.
MAC is an organization of bankcard risk professionals; it counts members from over 500 firms, including processors, acquirers, banks, ISOs and the card brands. Approximately 20 percent of MAC’s membership participated in the survey, which addressed PCI compliance at all four merchant levels, according to the report.
Following are some of the study's key findings:
The report concluded that acquirers and processors aren’t doing much to push PCI compliance at the merchant level. One alternative is to “consider investing in tools that effectively remove the merchant from the need to address PCI DSS and charge a premium for these tools. Merchants may perceive this value-added service as a reason to continue their current processing relationship, and it could offer acquirers a competitive advantage,” the report stated.
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.