Seven Steps to a Practical PCI Program
July 29th, 2009
The PCI DSS (Payment Card Industry Data Security Standard) is a new reality for small merchants and their service providers. Many processors and ISOs now have to ask "how do I execute on this?" rather than "what is PCI?" The right answers lead to an approach that helps ISOs avoid needless cost while also minimizing the risk carried by their merchant portfolios.
These seven steps will help you build an effective and practical PCI program, not only for yourself but also for your merchant customers.
Step One: Realize your merchants need assistance, not just audits.
Small merchants often face considerable obstacles to PCI success, and simply pushing the PCI burden onto the merchants in your portfolio is not enough. Unless their ISOs find ways to lower those obstacles, addressing PCI issues will produce little more than frustration all around. Many merchants in today's market are already struggling with poorly designed PCI programs.
One common cause of these ineffective programs is that smaller merchants cannot call on internal resources to achieve PCI compliance, and they also lack the means to hire a consultant.
Without someone to give these merchants the knowledge they need and walk them through the PCI process, any program will simply upset them.
Step Two: Keep moving forward
For a PCI program to succeed, it needs to be a part of everyday business, not just a project that has to be finished by a certain date. Either create a program that engages merchants continuously, or find a security company to partner with that will do this for you.
Step Three: Create a structured program
We all know security is a never-ending process, but progress still has to be visible to your merchants. The feeling that they will never get anywhere regardless of their efforts is discouraging for anyone, so keep your merchants up to date.
Make sure your program has an understandable structure and communicate it to your merchants. Let them know the progress they have made toward PCI compliance, and let them know where they are going next.
Step Four: Make it active, not passive
Putting merchants through an assessment is not all the PCI DSS is about. The PCI DSS is about fixing the problems that the assessment reveals.
Many vendors do only the easiest part, the passive assessment phase, which takes merchants halfway and then abandons them. Make sure your PCI program gives merchants the answers they need to actually fix the problems found.
Step Five: Support them, but be smart about it
A support program is essential if small merchants are to understand PCI. But an inexperienced program will only generate a huge support load and drain your time and your finances.
Get things right up front and use a structured program to minimize the support load. Giving merchants the help they really need limits the flood of support calls that might otherwise overwhelm you. Too many merchants today are not helped enough, and the result is a wave of support demands and unnecessary costs.
Step Six: Learn from your PCI program
Bringing a portfolio of merchants into PCI compliance can be hard, but it is also an opportunity to learn, to build loyalty and to add real value to those relationships. You will be better placed to decide what to do next: you will know where the weaknesses are, and you will know what is working and what is not.
One thing to remember is that the process needs to be set up correctly from day one. Simply sending assessment questionnaires to your merchants will not gather any useful information. Collect the right information from the very beginning and use it to make your merchants and yourself smarter in the long run.
Step Seven: Make it revenue-positive
If done correctly, a PCI program does not have to cost you anything; it can actually generate revenue. You never want to saddle your merchants with outlandish prices, but the right program delivers the results they need at a low cost, which makes it possible to charge a modest monthly fee and still make a reasonable profit.
The industry is already moving in the right direction by charging mandatory monthly PCI fees. As long as the price is kept under control, processors and ISOs do not have to worry about being at a competitive disadvantage.
Done right, you can have a program that reduces your legal and financial exposure, improves security for merchants and their customers, strengthens your relationship with the merchants in your portfolio, and is a profit stream rather than a financial burden.