Tuesday, May 28, 2013

Keep The PCI Compliance Process Top Of Mind

Data security and the PCI compliance process always need to stay top of mind for our merchants.

To make sure this is the case, we can’t think of PCI as a one-and-done deal. We have to reinforce the issue throughout the complete merchant lifecycle. Below are three convenient occasions when you can bring up the PCI compliance process and PCI compliance assessments with your merchants--keeping them compliant and their customers safe.

1. Installation
We often view installation as the final step in the sales process, but you can make it much more than that.

Many merchant service providers will use it as a convenient time to ask for referrals. Others use the occasion to train the business’s personnel on how to operate the terminal. Some try to sell additional services. While all of these are great ideas, we should also use this time to discuss PCI compliance.

Remind the merchant that they must complete a PCI compliance assessment. Reiterate that the way they handle transactions is crucially important. If they have a computer-based point-of-sale system, make sure they know how important it is that they secure their network. If they’re going to be using a terminal, tell them they should never write down complete credit card numbers or keep receipts where someone could see or steal them.

And right before you leave, you should remind them that although they may be PCI compliant today, if they’re not cautious, a single mistake could make them non-compliant. And that mistake would be expensive.

2. Retention
Good communication is the best way to retain your merchants. So if you don’t have a newsletter, you should start one. There are many tools out there to help you create one electronically.

And you should talk about PCI in every edition. It doesn’t have to be the main topic, but you should always bring up data security in some way, shape or form.

3. The Problem Call
Every time a merchant calls you, you have the chance to bring up PCI compliance.

Fix their problem first, of course, but then ask them how they’re doing more generally. Catch up with them for a few minutes, and see if their situation has changed or if they need something that you can help with--a new product perhaps.

Then ask them if they’ve heard anything new about data security. Talk them through any new insight you might have, then remind them of the steps they should be taking to protect their customers.

I’ve found that these are great times to bring up PCI compliance with merchants. When do you like to broach the subject?


Three Things You Need To Know About PCI Requirements


Although “PCI requirements” and “PCI compliance fees” aren’t quite the buzzwords that they were a few years ago, PCI is still vitally important to your business, your clients and their customers.

Here are three things you need to know to keep your merchants compliant and their customers safe.

1. Breach Insurance Isn’t Enough
Most merchants understand that it’s important to keep their cardholders’ data safe and sound. 

But I have found that many still believe that, because they have breach insurance, they don’t have to worry. And so when I ask them what concrete measures they’ve implemented to protect their customers, they give me a blank stare.

Don’t get me wrong--breach insurance is great. But it’s no substitute for taking the necessary steps to fulfill PCI requirements and keep cardholders safe.

That’s why, as merchant service providers, we must constantly emphasize the PCI process.

2. Never Let Them Forget PCI
To ensure that merchants are protecting their customers’ data, you have to emphasize PCI throughout the merchant lifecycle.

I like to bring up PCI on the following occasions:
  • Installation
At installation, many providers ask their customers for referrals, or they teach the business owner and staff how to operate the terminal. But installation is also a great time to talk PCI. Remind the merchant that they need to complete a PCI compliance assessment. Reiterate how important it is to secure their network. And be transparent about any PCI compliance fees that they’ll have to pay.
  • Retention
Communication is the best way to retain your merchants, so if you don’t have a newsletter, you should put one together today. And in every newsletter, you should touch on PCI. It doesn’t have to be the main article, but a short blurb in every issue will help keep PCI top of mind. 
  • Problem Calls
Every time a merchant contacts you, you have the opportunity to mention PCI. Of course, you should answer their question or solve their problem first. But then ask them how they’re doing. Have they heard anything new about data security? 

3. Compliant Today, Breached Tomorrow
Perhaps the most important thing to communicate to your merchants is the need for constant vigilance.

You could be doing everything right. You could have completed all your compliance assessments. You could have secured your network.

And then, one day, you make a single mistake, and your customers’ accounts will be compromised. You will no longer be compliant. And that mistake will cost you.

What do you think are the most important things to know about PCI?