Study: Level 4 Merchant PCI Compliance Turning Into Money Grab

by Mercator Advisory Group 0

The results of a study conducted by PCI vendor ControlScan and the Merchant Acquirers Committee (MAC) indicate that acquirers have begun using PCI scanning and security assessment services as a means to generate revenue rather than reduce risk. The results of the survey, which was aimed at determining acquirers’ “attitudes and objectives surrounding their Level 4 merchant PCI compliance programs,” were published last week. 123 respondents including banks, processors, and ISOs contributed their insights to the research.

“Competitive pressures in the payments space impact how acquirers balance their merchants’ needs with their own business need for a healthy bottom line,” said Joan Herbig, CEO of ControlScan. “Traditional merchant services are no longer as profitable as they once were, so we’re seeing a conflict between risk and revenue play out in the way acquirers manage their PCI programs.”

Other key findings from this year’s ControlScan/MAC survey provide a unique, inside look into the differences between successful and unsuccessful PCI compliance programs, as well as the business drivers behind program trends. For example, the study found that acquirers reporting an organizational “lack of traction” for their PCI compliance program also report lower merchant PCI compliance rates and are more likely to have had a merchant suffer a recent data breach. These and other insights from the survey can be used to inform the decisions banks, processors and ISOs make as they re-evaluate their PCI programs.
“Acquirers should substantiate PCI-related costs and fees by offering their merchants sufficient return value for their investment,” said Susan Matt, CFO for MAC and CEO/founder of payments consulting firm ThoughtKey, Inc. “A robust PCI program can provide merchants the support they need to successfully meet and maintain compliance, while an ineffective program does not produce long-term value for either party.”

The free survey report includes specific recommendations to help acquirers successfully engage their Level 4 merchants in the PCI compliance process.

To access a copy of the survey report, please click on the following link:

Featured Content