PCI Compliance Still A Sticking Point For Some Merchants

April 14, 2017


Across the country, many merchants have been more than happy to step into the next generation of payment processing by accepting EMV and mobile transactions. However, some may have also struggled to achieve that next step. Complying with industry security standards isn’t always easy. This is often particularly true when it comes to smaller companies that may not have budgets to live on the cutting edge of PCI compliance.

Certainly, many companies involved in the processing side of the payments ecosystem cite problems with merchants’ ability to comply with PCI standards as a reason they’ve lost business in recent years, according to the latest Acquirer PCI and Security Survey from ControlScan and the Merchant Acquirers’ Committee. This has been an issue for 1 in 4 survey respondents in recent months, and conversely, fewer than that say that their efforts with compliance have actually helped them retain merchants.

“Easing their merchants’ PCI compliance pain is certainly to the acquirer’s competitive advantage, but for risk reasons, it’s important to actually get the merchants compliant,” said Chris Bucolo, director of market strategy for ControlScan. “Acquirers who become a trusted advisor to the merchant will be more knowledgeable, consultative and communicative, and that will strengthen merchant retention.”

More merchants need to get onboard with PCI compliance.

What’s The Issue?
When merchants aren’t PCI compliant, they run a major risk of having their customers’ payment data and other information stolen, according to SecurityMetrics. And unfortunately, the average merchant is currently non-compliant with nearly half of all requirements under PCI best practices. Further, the average company hadn’t been compliant for over 1,000 days – nearly three years – and 2 in 5 companies had been breached as a result of their lack of security. More than half had also been victimized by malware that targeted sensitive data.

To that end, it is vital for companies to make sure they’re doing all they can to meet the 12 basic PCI requirements and learn more about how those protections will help them going forward, the report said. The good news for these merchants is that many in the payment processing industry have a vested interest in helping them meet those goals.

Getting Up To Speed
Indeed, there are plenty of options to help merchants of all sizes assess their readiness to meet PCI standards, and fix whatever shortfalls they might still be facing, according to Nibletz. The fact is that any payment card information companies store is extremely valuable and can cause major liability issues if it’s exposed. Consequently, it’s vital that all aspects of how that information is stored meet industry standards for security so that both merchants and their customers or clients are as safe as possible.

For all these reasons, merchants need to take the time to assess all their options for meeting PCI standards on an ongoing basis, even if it takes a little bit of additional investment up front. By taking these extra steps, companies will position themselves well for an increasingly secure real-world payments ecosystem.
