How does PCI compliance impact merchant retention?

Managed security service provider ControlScan, in partnership with Merchant Acquirers' Committee, released findings from the 2017 Acquirer PCI and Security Survey. Completed by 133 ISOs, acquirers, processors and payment facilitators, the survey's results support an ongoing effort to understand and share Payment Card Industry Data Security Standard (PCI DSS) compliance program practices among payments industry stakeholders. This is a priority for ControlScan, which prides itself on taking a proactive approach to protecting businesses from cyber threats while helping ensure their compliance with security and privacy standards.

One key finding highlighted in a press release about the survey was that while merchant service providers agree their merchants' PCI compliance is important, retention concerns are creating a struggle between promoting convenience and enforcing compliance.

"One-quarter (25 percent) of survey respondents said their PCI compliance approach has caused attrition among their merchants," researchers noted. "By contrast, 22 percent credited their approach with helping them retain more merchants. These numbers are significant, because they show that nearly half of respondents believe their compliance approach impacts overall merchant satisfaction."

'Authentic compliance' a must

Chris Bucolo, Director of Market Strategy at ControlScan, stated, "Easing their merchants' PCI compliance pain is certainly to the acquirer's competitive advantage, but for risk reasons, it's important to actually get the merchants compliant. Acquirers who become a trusted advisor to the merchant will be more knowledgeable, consultative and communicative, and that will strengthen merchant retention."

The survey also found that 75 percent of respondents saw their portfolio compliance rate increase in 2016. Of those, 47 percent indicated it was because they had increased the amount of merchant education pertaining to compliance.

According to Bucolo, the survey's findings indicate acquirers are taking a deeper look at how adjustments to PCI compliance program variables can maintain simplicity for the merchant and at the same time, lead to "authentic compliance," which he said means "the merchant has actually learned something versus simply checking the boxes." ControlScan defines authentic compliance as "an ongoing state of security awareness, demonstrated by a merchant who understands and continuously employs the fundamental technologies and processes required to protect sensitive data."

MAC, an organization of bankcard professionals involved in the risk management side of card processing, is "pleased to continue to partner with ControlScan on the annual Acquirer Study in an effort to educate our members and the payments ecosystem on the importance of PCI compliance," said Vadeene Sisk, MAC Board Secretary.

The survey took place between Dec. 15, 2016, and Jan. 26, 2017, and included respondents with Level three and four (small to midsize merchant) portfolios ranging from less than 1,000 accounts to more than 50,000. Results, which were released March 22, 2017, were further discussed in a MAC webinar. A replay is available at bit.ly/2nHsmDh .

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.