Next to price, the top factor in a merchant’s POS decision is payment security. Data breaches and fraudulent transactions present deadly risks to both businesses and their customers. Your merchants expect their payment service providers to keep this payment information secure.
However, as we all know, protecting your merchants can be a bumpy road. Merchants need security, but they don’t welcome any extra work to make it happen. How can you keep your merchants informed about payment security in a way that gets their attention and, most importantly, earns their buy-in?
While fraud threats are continually increasing and evolving, maintaining a secure payments environment is entirely manageable. The key to success is educating your merchants about the threats they face and getting them on board with PCI standards.
Merchants may not maintain secure payment standards for several reasons: a failure to understand compliance requirements, a failure to understand the impact of compliance failure, and a shortage of staff to implement standards. But what it all boils down to is this: merchants don’t follow best practices because they don’t actually view them as best practices.
Let’s face it, compliance isn’t fun. It’s dry, tedious, and takes your merchants’ precious time and attention away from the glittering ball of profit. PCI standards can seem like excessive and burdensome paperwork, but they’re truly the key to keeping your merchants on the rails.
Focus on the Bottom Line
Remember, your merchants care about making money. Merchants need to understand that failure to maintain secure standards will cost them this hard-earned money, either in fines or fraud (or both).
Thieves know that while large businesses have dedicated IT departments to maintain compliance and detect fraud, small businesses are often under-protected. And these unguarded targets are often easy pickings. Last year 61% of data breaches targeted small businesses. According to First Data, the average cost of a data breach for a small business was $36,000. And that’s not even factoring in the cost of forensic examinations, compliance fines, the loss of customers or damage to your merchant’s reputation.
No More Free Lunch
As we’ve moved through the EMV migration, merchants have been largely shielded from liability for noncompliance. Chargebacks under $25 were waived, multiple fraudulent transactions per account were limited, etc. Merchants found not in compliance have mostly received a slap on the wrist. But that free ride is coming to an end. As Visa is tightening up exemptions in April 2018, non-compliant merchants should expect to feel a pinch quite soon.
Significant fines may be coming down the pike as well. The payment brands have the right to fine acquiring banks $5,000 to $100,000 per month for PCI compliance violations. ControlScan explains, “the banks will most likely pass this fine along until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate (the) relationship or increase transaction fees.”
Start on the Right Foot
Payment security requires cooperation at all points in the chain, from brand to bank to merchant. When signing a new merchant, take time to highlight penalties in the merchant account agreement - along with explaining the reasons for them. While it’s more pleasant to downplay penalties, merchants need to know the stakes they’re facing with payment security.
The PCI Council has a wide library of merchant educational materials freely available for you to distribute. These materials should help make the compliance process a little easier for your merchants to understand.
By communicating the need for payment security, you will play a vital role in making sure your merchants continue to process transactions securely and profitably.