Smaller merchants are systematically failing to engage with PCI compliance programs, according to a new acquirer survey from Sysnet Global Solutions, a provider of cyber security and compliance solutions to the payments industry.
The survey revealed all acquirers believe small merchants are not effectively engaging with PCI programs, with many identifying the challenges small merchants face, including lacks of knowledge, urgency and time to dedicate to security and compliance – a worrying trend.
As a result, the vast majority of acquirers indicated they would like their compliance rates to be higher, with most aiming for a minimum 70 per cent compliance rate, and more than 15 per cent targeting near-perfect compliance levels of 90-plus per cent.
Acquirers are split on how to achieve this. The majority of respondents (76 per cent) favour regular communication (i.e. calls, emails), while managed security and compliance service and merchant education prove equally as effective with 72 per cent favouring each.
“We conducted this survey to put some structure on the many conversations we have had with acquiring organizations who feel they’re fighting a losing battle when it comes to getting smaller businesses secure and compliant,” said Gabriel Moynagh, CEO at Sysnet Global Solutions. “PCI non-compliance fees seem like a good idea to prompt smaller businesses to take action, but the real problem is that they just don’t have the knowledge, time or resources to get and maintain compliance.”
In reality, more than half (56 per cent) of acquirers do not believe fees drive compliance, and agree the industry needs to wean itself off non-compliance revenue, which is a significant contributory factor in merchant attrition.
Sysnet’s survey also revealed 44 per cent of respondents consider non-compliance fees to damage their brand as an acquirer, and nearly every acquirer agreed that they need to do more to provide a SME offering that helps these merchants to secure their business and raise PCI compliance rates.
“It is likely that PCI compliance will continue to evolve over the next five years, and it’s important for us to continue to develop and grow our SME offering by adding new value to our payment solutions,” Elavon CPO Wally Mlynarski said. “Working with Sysnet, we are already providing our SMEs with managed PCI compliance and cyber security tools, eliminating the need for them to navigate the complexities of the PCI standards, or figure out the appropriate security tools. Equally important, we are making headway in the move away from non-compliance fees as the only means to drive compliance rates and are already seeing positive results.”
“We’ve always looked for ways to improve the self-assessment process for smaller merchants, and have concluded that what those businesses really need is help. Our managed compliance and security solution, Proactive Data Security, not only helps merchants complete the compliance process, it also identifies and installs the security tools necessary to protect the business. A double-win for merchants, PDS reduces the risk of costly data breaches, while eliminating monthly non-compliance fees – and it costs the same or even less than they’re currently paying in non-compliance fees.”
For the full report and survey results click here.