  • Christopher Bulin

Don’t leave PCI Compliance (and revenue) to your Processor




What ISOs Need to Know about PCI Compliance

What no one tells you is that running an ISO is tough. You not only need to bring on new merchants, but you also need to manage the back-office operations of your business, which is a full-time job. You need to hire agents and staff, partner with the right payments processor with a wide variety of solutions for any merchant type, and ensure you are compliant with all payment regulations and rules.

One of the most complex compliance situations you need to understand is PCI. Many ISOs struggle to understand the rules thoroughly and how they impact their merchants. Or they assume they know the rules inside and out.

Each merchant has a unique way of doing business and therefore might have different PCI compliance needs to ensure their data is protected and that they are following all the necessary rules, including monitoring and patching their environment. For example, an e-commerce business's needs are different from a retail auto shop’s needs.

Although your payment processor (acquirer) might reassure you that your merchants are all compliant, it’s not always the case. They are also charging monthly for non-compliance or for hosting the PCI questionnaire for the merchant. In most cases, the revenue goes directly to them, not your ISO.

In addition to ensuring compliance, the PCI SSC (Payment Card Industry Security Standards Council) updates rules for compliance often as the world changes and fraudsters get smarter. How do you know your merchants are compliant with the latest rules? And are you sure they have filled out the correct PCI assessment questionnaire for their business type? On average, it takes a merchant 6 months to fill out the questionnaire according to our internal data.

Here is where you can differentiate your ISO. There is tremendous added value in educating your merchants about PCI and how important it is to keep their customers’ payment data safe. In a study by the FTC, consumers lost more than $5.8 billion to fraud in 2021, an increase of 70 percent over 2020 (FTC Study). In a world where fraud is increasing, merchants must have the proper solution in place to protect themselves and their customers.

To fully protect the merchant’s data and ensure the payment environment is secure, it’s wise to work with a partner that knows PCI inside and out: one that can help you identify what survey your merchant needs and can help them automatically answer questions based on their system and setup. This will ensure you are protecting your merchant’s data, keeping them safe from fraud and data breaches. In addition, it’s important to look for a provider that enables consistent monitoring of their system and regular patches, and flags security issues.

Now we come to how ISOs can create revenue-generating opportunities. Our PCI solution allows you to provide a turnkey PCI solution for your merchants while allowing you to price it appropriately and make additional margins. Your agents will appreciate extra commission opportunities and your merchants will appreciate knowing they have met and are constantly monitoring PCI compliance. Keep revenue opportunities without handing them over to your processor.

Interested in differentiating your ISO and making more money? Let us PROVE it to you. Contact us for a demo today.
