Blog
PCI Partner
PCI Advice for New ISOs

PCI Advice for New ISOs

PCI advice for new ISOs. Here are three tips to help Independent Sales Organizations (ISOs) better position their PCI program

Updated
December 14, 2022
Posted
January 1, 2018
PCI
Security Training
PCI Advice for New ISOs

PCI advice for new ISOs: Three tips to help Independent Sales Organizations with PCI.

Having worked on merchant security and compliance since 2003, I’ve noticed some common pitfalls and missed opportunities when positioning a PCI program. Here are three tips from my experience to help Independent Sales Organizations (ISOs) better position their PCI program:

1. Give your sales team a workable and attractive solution

Provide your sales team with the information, assistance, and training they need to win customers without avoiding PCI. It’s easier to provide your team with a competent and accessible PCI expert than to attempt to train each of them individually.

  • Example 1: Many ISO sales people have had personal friendships with members of our PCI engagement team. Their pitch to new customers was “Call my friend {insert name} at SecurityMetrics, he/she will take care of you! He/She will explain everything and will get you into the PCI process faster and simpler than you could ever do it yourself. It typically takes less than 15 minutes. Then as you go through the SAQ or deal with scan results, SecurityMetrics has a 24x7 call center with friendly people to help you understand how to meet PCI requirements.”

This is an example of salespeople who are confident in dealing with PCI, because they had a workable and attractive sales solution. The customer’s good experience with the SecurityMetrics PCI expert reflected positively on the ISO sales person.

  • Example 2: I’m familiar with a regional bank, with about 4500 MIDs, whose unique selling approach included security. They designated an in-house specialist to regularly consult their merchants on these topics.

While this regional bank did not provide the least expensive payment solution, their customers received greater value for each dollar spent on payment processing. The value of expertise and seasoned industry advice on just three key topics saved these merchants thousands of dollars. And their sales approach—using “security” as a pillar of their solution—won them business.

2. Position PCI Compliance as a Strength

My second recommendation is that you add “keeping your merchants secure and compliant” as a business strength. By taking this approach in today’s insecure world—of working to keep your merchants safe and secure—you bolster your unique selling proposition.

Issues that contribute to making PCI a strength

  • Payment solutions that either reduce PCI risk/requirements (i.e. P2PE) or come packaged with additional components which minimize merchant efforts to minimize risk and easily comply (i.e. managed firewall/security services and more).
  • Readily available human assistance for your merchants as they tackle PCI (engagement and mid-process).  
  • Work with your PCI vendor such that their online PCI solution uses terminology matching your solutions. Every possible point at which your merchant is less likely to stumble during PCI is a benefit.

Since security can be a dynamic and time-sensitive issue, your additional focus on security allows you to repeatedly communicate with your merchants to remind them of the benefits they receive from you. Several PCI vendors provide timely, re-publishable content for your use with merchants.

3. Money for PCI

My precautionary advice about monetizing PCI assistance: take great care to make sure you provide defendable value if you’re charging for PCI assistance. We recommend you also allow your merchants to DIY PCI if they wish.

In the UK, where government oversight and the government’s “protectionism” has advanced further than the US, most acquirers who provide PCI compliance assistance (for a fee) are careful to allow merchants the right to opt-out (or opt-in) to their PCI services. US regulators will likely eventually look to increase their “protectionism” efforts. Your business will want a multi-year track record of a perceived fair-treatment of your merchants.

Can SecurityMetrics Help?

Streamlining Sales

SecurityMetrics’ sales staff love to partner with individual ISO and acquirer sales staff to provide the best PCI introduction to your merchants. If you are a sales person who’d like a friend in PCI to help your merchants, or if you’re an ISO who wants all your sales staff to have friends in PCI, please let us know.

SecurityMetrics provides PCI orientation and training to our acquirer and ISO partners’ sales teams and support staff on a regular basis. We do this onsite, via remote teleconferencing and with webinars. SecurityMetrics’ experience has proven that PCI-educated acquirer and ISO staff makes for smoother and more successful PCI programs.

PCI as a strength

SecurityMetrics has done many things to help ISOs and acquirers make PCI and data security a strength. Listed are just a few examples:

  • We certify P2PE solutions. We certified the first P2PE solution in the world!  
  • SecurityMetrics provides a variety of professional services related to security and compliance including: Onsite security audits (PCI, HIPAA, etc.), penetration testing (network layer, software layer), forensics (PFI, etc.), PA DSS audits, P2PE audits, and more. SecurityMetrics also develops security tools and products including: Vulnerability Assessment testing (ASV) [internal & external], Card discovery software, Privacy data discovery, managed firewall/security, and more. As such, SecurityMetrics has a great deal of security matter expertise!
  • We provide monthly educational content on security or current threat topics in the form of webinars, white papers, articles, blogs, etc.
  • We provide individualized security and PCI consulting for our partners’ staff. Historically, we’ve consulted a wide variety of staff from our acquirer/ISO partner organizations including but not limited to: sales, support, relationship managers, third-party certification, data compromise, level 1,2,3 merchant compliance managers, level 4 compliance managers, risk managers, executive team members, and more.
  • We provide partner/customer presentations. We’ve presented at a wide spectrum of industry-specific events in partnership with our acquirer/ISO partners. We’ve also presented at annual franchise meetings and annual large account retreats for acquirer partners.
  • We provide customer consultations. In one of our more memorable customer consultations, we saved the customer $1,000,000 by redirecting their compliance efforts to an acceptable and lower-cost alternative to fulfill certain compliance requirements.

Using SecurityMetrics PCI assistance for your merchants provides a value-packed benefit that would cost your merchants much more without your volume discount.

If you are interested in a PCI program or any of our PCI or data security solutions, contact us here.

Join thousands of security professionals.

Subscribe Now

Get the Guide To PCI Compliance

Download

Get Quote for PCI Compliance

Request a Quote
Stay up to date
Subscribe to our blog.
Subscribe Now
Data Security
Vulnerability ScanningPenetration TestingSecurity TrainingPANscan®SecurityMetrics VisionSecurityMetrics MobileCIS Controls AssessmentConsultingResellerForensic/Incident ResponseData and Network SecurityData Security AcademyWebpage Integrity Monitoring (WIM)Shopping Cart InspectShopping Cart Monitor (PCI 6.4.3 & 11.6.1)SecurityMetrics Pulse
Compliance
GDPR CompliancePCI CompliancePCI DSS AuditPCI Level 4 ProgramPA-DSS/SSF AuditP2PE AuditPIN Security AssessmentPCI PoliciesPCI TrainingHIPAA ComplianceHIPAA PoliciesHIPAA TrainingHealth Network ProgramHITRUST
Company Info
About UsBlogGlossaryMedia RelationsCareersTerms of UsePrivacyAbuseDo Not Sell My Information
Contact
Contact UsReport a Vulnerability
SecurityMetrics podcast logoLinkedIn logoFacebook logo
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy PolicyTerms and Conditions
Your IP Address is:
YouTube logoSecurityMetrics podcast logoLinkedIn logoFacebook logo
Subscribe to our blog
Subscribe Now
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy Policy
|
Terms and Conditions
|
Your IP Address is:
000.000.000.000