Report: ISOs, Acquirers Finding Innovative Ways to Address Merchant PCI Compliance
Recent survey by ControlScan and the Merchant Acquirers’ Committee finds new strategies surrounding non-compliance fees, scope-reducing technologies.
LAS VEGAS, Mar 3, 2020 - MAC Level Up Conference - ControlScan, a leader in managed security and compliance solutions that help secure networks and protect payment card data, has released a new payments industry research report in collaboration with the Merchant Acquirers’ Committee (MAC). Among its findings, the ControlScan/MAC 2020 Acquiring Trends Report identifies new strategies ISOs, acquirers and other merchant service providers are employing in the face of increasing merchant PCI compliance challenges.
ControlScan and MAC have tracked various aspects of acquirers’ PCI programs—including who has them, their goals and achievements, and how they’re administered—since 2011. Gathering this data over time has provided the ability to follow trends and share unique insights into the state of merchant PCI compliance programs.
Acquiring Trends survey respondents consistently say that regular, ongoing communications and education are key to their merchant PCI compliance efforts. However, this year’s survey saw a rise (from 35% to 44%) in those who are realizing the benefit in combining communications with technology services such as managed firewall. Validated point-to-point encryption (P2PE) solutions, as well as end-to-end encryption (E2EE) also rated high for their ability to reduce PCI scope.
"When combined with regular communications and educational content, scope-reducing technologies and related services are a powerful way to make life easier for the merchant,” said Chris Bucolo, Vice President of Market Strategy, ControlScan. “It’s all about giving the merchant the tools and support they need to properly secure their business, without overburdening them.”
Other key findings from the ControlScan/MAC 2020 Acquiring Trends Report include:
- Keeping merchants compliant is a continuing challenge – From 2014 through 2018, portfolio compliance rates were on a healthy upward trend. In 2018, however, there began to be signs of slowing rate growth based upon 38% of survey respondents reporting that their rates had either stayed the same or declined. The 2020 numbers show a definitive downward trend, with only 26% reporting compliance rates above 60% (as opposed to 42% in 2018) and 23% under 25% (as opposed to 15% in 2018).
- Non-compliance fees are increasing in their significance – The percentage of those not charging non-compliance fees has historically been stable at around 17-18%. This year, however, the percentage rose to 23%. When asked about the drivers behind waiving non-compliance fees, an astounding 77% said they did so for strategic and/or competitive purposes. This year’s survey also found a widening divide between those who charge no non-compliance fees and those who are charging a non-compliance fee of more than $50 per month.
- High Compliance Rates and merchant risk reduction go hand in hand – Keeping merchant risk in check is a priority for virtually all respondents, with 86% saying it’s a high or top business priority. Further data analysis revealed that one-third of those who have made merchant risk reduction a top priority are achieving higher merchant portfolio compliance rates than the group as a whole.
"Running a successful PCI compliance program requires regular reviews of metrics and trends so that corresponding adjustments can be made,” said Bucolo. “Like security technologies, there is no ‘set and forget’.”
“The information we glean from our ongoing survey partnership with ControlScan is extremely valuable,” said Vadeene Sisk, Education Committee Chair, MAC. “High merchant compliance rates translate to reduced business risk, which is mission critical for the MAC membership base as well as the payments community at large.”
About the Survey
The ControlScan/MAC 2020 Acquiring Trends Survey was conducted over a six-week period between November 12 and December 23, 2019. The survey was administered online, and a link was distributed via email to randomly selected processors, acquirers, ISOs and other merchant service providers listed in the databases of ControlScan and MAC. A total of 68 payments industry professionals, representing organizations that serve Level 3 and 4 merchants, completed the survey.
The ControlScan/MAC 2020 Acquiring trends report is being released in conjunction with the MAC Level Up Conference taking place March 2-5 at the Park MGM in Las Vegas. Download a complimentary copy of the new report here.
ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. Thousands of businesses throughout the U.S. and Canada partner with us for easy, cost-effective access to the expertise, technologies and services that keep cyber criminals and data thieves at bay. With highly credentialed cybersecurity and compliance experts; 24x7 managed detection and response; managed UTM firewall services; ASV vulnerability scanning; security penetration testing; PCI compliance programs and validation services; QSA and HIPAA assessments; and more, we’ve got your back. For more information visit ControlScan.com.
About Merchant Acquirers’ Committee (MAC)
The Merchant Acquirers’ Committee (MAC) is an organization of payments professionals dedicated to protecting the integrity of the payments ecosystem. Our members include acquiring banks, ISOs, the card brands, NACHA, law enforcement agencies, payment processors, and payment facilitators. MAC’s mission is to strengthen the payment ecosystem through ongoing education, communication, and cooperation among its members. For more information, visit www.macmember.org.