PCI non-compliance fees have become commonplace, but are processors truly considering the long-term effects of such fees?
Smaller businesses are charged fees ranging from $240 to $750 per merchant per year for failing to establish PCI compliance in a timely fashion through the various available self-service programs. While this seems like a suitable short-term solution to prompt a merchant to take action, it carries many shortcomings because it doesn’t tackle the main issues that caused non-compliance to happen in the first place.
It is not that merchants are being lazy or forgetting to fill out their Self-Assessment Questionnaire (SAQ). Rather, non-compliance is the result of a flawed process, and simply hitting merchants with an additional charge doesn’t solve the problem. The reality is that many smaller businesses simply do not have the time, resources or knowledge to achieve and then maintain PCI compliance, so they continue to pay the non-compliance fee month after month, which does nothing to improve the security of their business.
A win for processors but not so much for merchants
Understandably, processors have been reluctant to stop charging these fees, as they make for a lucrative source of short-term revenue. However, the long-term effects can be extremely detrimental: the practice of charging merchants non-compliance fees is causing the industry to lose money in the long term.
So this raises the question: are non-compliance fees simply creating a false economy?
Keeping a balance where everyone wins
The trick to keeping revenue streams high while ensuring compliance, however, might be to hold a balance between the two. Programs that improve the merchant experience by removing the compliance burden and proactively addressing security issues have a positive impact on merchant churn, increasing lifetime value (LTV) and negating the effects of dropping non-compliance fee revenue. Non-compliance fees have a place and can be hefty enough to prompt real action from a merchant, but only if a viable alternative is available to merchants.
Ultimately, processors need to keep merchants loyal to ensure the recurring revenue that is critical to the health and growth of a company. When a merchant cancels an account, processors must consider the multiple years of lost revenue that they now have to replace by signing up a new merchant.
But how can this be achieved when trying to keep the status quo for both merchant and payment processor? To find out more about the questions posed here, download Sysnet’s full whitepaper.