PCI Programs: How Acquirers Balance Value and Simplicity for Merchants


Robbi Watson
Director of Business Development

Creativity and innovation keep your merchants happy

At SecurityMetrics, our mission is to help businesses close security and compliance gaps and prevent data breaches. To achieve this mission, we foster creative innovation in order to merge simplicity and value in our PCI programs and cybersecurity services. We want to give acquirers new ways to make merchants happy, but still maintain security throughout their entire PCI compliance process.

Simplicity from technology, validation, pre-population, and guided support

Level 4 merchants often think that if their payment terminal is PCI DSS compliant, then their entire business is PCI DSS compliant. We know that this is false. 

Obviously, merchants want simplicity. If they could, they would throw PCI compliance out the window completely. To make the PCI process simpler and easier for merchants, we utilize

  • Technology,
  • Alternative validation types (e.g., VISA TIP, PCI Data Security Essentials), 
  • Pre-population of data, 
  • And merchants’ current integration methods.

In short, our aim is to expedite the PCI compliance process and reduce the merchant’s scope.

We provide technologies and services to simplify PCI compliance. We also help customers utilize validated P2PE solutions and EMV chip-and-pin solutions and understand how they can do some of the heavy lifting for merchants. In addition to helping merchants utilize these technologies and understand how they impact PCI compliance, we provide 24/7 guidance and support, both through outbound and inbound programs as well as live-chat programs. Merchants need to feel confident they can ask any compliance question, at any time. 

Merchants still need to complete their PCI DSS validation, so how do we help make the process easier? We offer a product called FastPass which solves a couple of problems. 

  • First, FastPass leads merchants to their correct SAQ validation type. Traditional PCI scoping wizards can be vague and confusing. Whether going through the SAQ process alone or with a wizard, merchants can quickly get off track. We customize FastPass for our partners so that irrelevant and time-consuming questions are eliminated from the user experience, and so that users will select their correct SAQ type. 
  • Second, instead of merchants having to answer their entire SAQ, question by question, FastPass can pre-populate 99% of the questionnaire, depending on merchant processes and technologies. We accomplish this by infusing FastPass with data we collect from you and from your merchant base.

FastPass solves the issues of accuracy and frustrating user experience, creating a superior user experience without skipping out on security. Some merchants may end up in an SAQ-D validation type; this is the most difficult and labor-intensive SAQ at over 300 questions. A merchant likely won’t feel confident going through that SAQ type and will become frustrated. We ask questions upfront to eliminate scope, pre-populate data, and keep your merchants happy. 


Value: expert security, peace of mind, and cost 

Our partners want a security expert in their corner. This provides peace of mind to their merchants, peace of mind to themselves, lower risk, visibility into vulnerabilities, as well as a proven remediation path if needed. Our security programs track merchants by location in order to avoid data breach and compromise across your entire portfolio. 

Innovation in SecurityMetrics’ product packages makes programs like these affordable, which helps both you and your merchants. Traditionally expensive managed security tools are available in SecurityMetrics’ package options and provide confidence at a lower cost.

The balance of simplicity and value allows merchants to focus on their business. 

Merchants don’t want to waste time and would rather it just be done for them. While we can’t complete the PCI DSS for the merchant, we can do everything we can to make it as easy as possible for them to validate compliance. 

Level 4 vs. Level 1 data breaches

Most organizations think that data breaches will never happen to them. We can learn from recent breaches like Wendy’s, Marriott, Home Depot, MGM, and Quora. While these kinds of compromises at Level 1 merchants are not typically expected, they happen. It is no different for Level 4 merchants. They may think they are too small to worry about compliance and not take security seriously–at least until they get a letter from the U.S. Secret Service that has identified their business as a common point of purchase for stolen credit cards. 

SecurityMetrics is a partner that can be trusted to get your merchants from Point A to Point B while doing everything possible to prevent a data breach. If things go wrong for merchants, we also provide help with remediation (e.g., documentation). 




What should partners do to keep merchants happy? 

Partners need to provide simplicity. Pick a compliance partner who will help you and your merchants understand technology types, integration methods, EMV chip-and-pin, P2PE, scope-reducing storage and processing, and validation types (e.g., VISA TIP, data security essentials)–plus, provide 24/7 live support.

Understand where value comes from.

Partners who provide security services and tools in addition to PCI compliance provide confidence that your merchant locations are being consistently monitored. If cyber attackers are able to breach a merchant network, these services should include alerts to both the partner and the merchant. This protects the acquirer and avoids exfiltration of merchant data. 

Simplicity plus value equals happy merchants. I know what you’re thinking: merchants would only be happy if they didn’t have to do PCI compliance at all. While PCI DSS remains an industry mandate, SecurityMetrics’ innovation helps you strike the right balance for your merchants.

With the added power of a live threat intelligence center (TIC) and security information and event management (SIEM) tools that can report on threats and vulnerabilities by location, you can provide merchants even more peace of mind that they have a security expert watching over their business at all times. Level 4 merchants especially appreciate you helping them save money and providing them with reliable tools. 

What about non-compliance fees? 

Many acquirers are starting to replace the revenue from non-compliance fees with revenue from managed security packages and services. 

Partners traditionally charge non-compliance fees to merchants that haven’t validated compliance; now, they have other options.

The overall goal of a PCI compliance program is to get a portfolio compliant and keep merchants secure. With SecurityMetrics, you can balance that goal and maintain the same level of revenue with managed PCI products and packages. 

For more information on how you can partner with SecurityMetrics, contact Robbi Watson at 801-995-6312 or rwatson@securitymetrics.com.

Robbi Watson has been at SecurityMetrics for eight years and in tech for twelve. His favorite thing about helping customers find compliance and data security solutions is the ability to create long lasting relationships with others in the industry. In his free time, Robbi enjoys blockchain, trading, and anime. 
