Latest PCI Study from ControlScan Gets 'Acquirer's Perspective'

by Mercator Advisory Group 0

In conjunction with the Merchant Acquiring Committee (MAC), PCI security vendor ControlScan has released a benchmarking study that reveals the perspective of merchant acquirers on their efforts to bring their Level 4 merchant populations into compliance. Whereas ControlScan has for the last three years published results of their research into merchant behavior and attitudes regarding PCI compliance – the latest report of which was released in October – this is the first time the company has polled acquirers and merchant service providers in their survey. The report, “Benchmarking Level y PCI Compliance: The Acquirer’s Perspective,” is available in the Payments Journal library.

From the press release:

Despite the payments industry’s frustration with a perceived lack of progress with Payment Card Industry (PCI) compliance adoption among small merchants, a recent survey finds a growing number of acquirers see value in having a PCI program to reduce data breaches and overall portfolio risk with success coming to those who actively engage their merchants in PCI education and support.

This conclusion is just one of the major findings from a survey, Benchmarking Level 4 Merchant PCI Compliance – The Acquirer’s Perspective, of more than 146 banks, processors and Independent Sales Organizations (ISOs) serving Level 4 merchants conducted by ControlScan ( and Merchant Acquirer’s Committee (MAC) ( Ninety-four percent of acquirers have a PCI program in place for their Level 4 merchants with 57 percent saying their merchants see value in their PCI program. More importantly, 70 percent of acquirer respondents believe their PCI program reduces small merchant data breaches.

“Over the last three years, ControlScan has extensively studied the viewpoints of small merchants regarding PCI compliance,” said Joan Herbig, CEO of ControlScan. “For the first time, we are benchmarking the experiences of acquirers in helping small merchants comply with the PCI DSS. While recent research has broached this topic, it has been from the standpoint of larger merchants, Level 1 and 2, and has had little applicability to the challenges faced by smaller Level 4 merchants. This study shines a light specifically on this segment.”

According to the survey, 61 percent of PCI programs have been in place for two years or less, so the duration of programs is still maturing based on the fact that the PCI DSS was initially developed and released seven years ago. Overall, one-third of respondents said at least one of their merchants experienced a data breach during the last 12 months. Study responses show, however, that as the Level 4 merchant compliance rate increases, the occurrence of a data breach decreases.

“The benchmarking study suggests that acquirers have a positive outlook on PCI compliance, a stance MAC wholeheartedly supports in its communications and education curriculum for members,” said Susan Matt, CFO of MAC and CEO and founder of ThoughtKey, Inc. “The study also links certain key attributes of acquirers with high PCI compliance rates – a correlation we simply speculated earlier, but can now stress as best practices to the industry.”

Click here for more:

Featured Content