Tuesday, March 10, 2020
Regular, consistent communications and education are keys to ensuring merchant compliance with PCI security protocols. Combining these two with technology services, such as managed firewalls, can be the equivalent of a hole in one. That’s the upshot of a new report from ControlScan and the Merchant Acquirers’ Committee.
“High merchant compliance rates translate to reduced business risk, which is mission critical for the MAC membership base as well as the payments community at large,” said Vadeene Sisk, MAC education committee chair.
The just-released ControlScan/MAC 2020 Acquiring Trends Report, analyzes results of a survey of 68 payments industry professionals at organizations serving Level 3 and Level 4 merchants. About two-thirds of those surveyed count fewer than 5,000 small to midsize businesses (those most commonly classified as Level 3 and 4) in their portfolios; about 15 percent serve more than 50,000 SMBs.
The survey found a notable increase (from 35 to 44 percent) in merchant acquiring reporting real benefits from combining communications with technology services like managed firewalls. Validated point-to-point encryption as well as end-to-end encryption also rated high for their ability to reduce PCI scope.
“When combined with regular communications and educational content, scope-reducing technologies and related services are a powerful way to make life easier for the merchant,” said Chris Bucolo, vice president of market strategy at ControlScan. “It’s all about giving the merchant the tools and support they need to properly secure their businesses, without overburdening them.”
Most acquirers track PCI compliance rates, but the report reveals that keeping merchants compliant is a continuing challenge. Just over one quarter (26 percent) reported merchant PCI compliance achievement rates above 60 percent. The largest share (35 percent) reported PCI compliance achievement rates between 26 and 40 percent. Not surprisingly, acquirers with the largest portfolios (over 50,000 merchants), tend to have lower compliance achievement rates; 44 percent of these organizations reported compliance achievement rates of 25 percent or less.
The 2019 survey data points to a disturbing downward trend in merchant compliance achievement rates. In 2018, 42 percent of acquirers surveyed reported merchant compliance rates over 60 percent. Many blamed the decrease in compliance rates on merchants that were initially compliant but failed to revalidate compliance, as required, in subsequent years. But reduced frequency of communications surrounding compliance was a contributing factor cited by 20 percent of those surveyed.
The survey also found an increase in acquiring organizations imposing non-compliance fees – from 17 to 18 percent in years past to 23 percent in 2019. And better than half of those who impose non-compliance fees consider it an effective strategy to raise non-compliance fees until the merchant complies. But imposing non-compliance fees is not a hard-and-fast rule. Many are waiving the fees, with a whopping 77 percent of acquirers that waive the fees indicating they did so for strategic and/or competitive purposes.
Looking closer at non-compliance fee levels, the report points to what appears to be a “sweet spot” for non-compliance fees of between $1 and $10 a month. Acquirers charging non-compliance fees in this range are seeing merchant compliance rates of 60 percent or higher, the report revealed.
“Merchants often switch providers over fees, so it’s no wonder more acquirers are beginning to waive the non-compliance fee,” the report states. “However, before eliminating the fee altogether, the data suggests that lowering it and measuring the results in terms of PCI compliance achievement may be the best course. This can be especially helpful in terms of maintenance, because merchants who originally complied and had the fee waived will see it reappear, thereby driving them to action.”
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
