Background
M&T Bank Corporation is a bank holding company headquartered in Buffalo, New York. It operates 780 branches along the East Coast. M&T Bank has always had a PCI compliance program for their merchants since the very beginning of the PCI DSS in 2004. In the first couple of years, their merchant compliance hovered around 2%.
In 2007, M&T Bank partnered with SecurityMetrics and saw their merchant enrollment numbers rise significantly. Today, over 44% of M&T Bank’s merchants are PCI compliant.
“I love the customer service—(SecurityMetrics) truly (has) the nicest people on earth. They are never rude, and they couldn’t be nicer to our merchants. I can’t imagine having to pick up the phone every day and think ‘I’m going to get yelled at again.’ But they do it well, they really do. I’m never disappointed. They always help (our merchants) in one way or another.”
- Carol Callahan
Senior Credit Officer, M&T Bank
Challenges You Faced With PCI Compliance
- We were stuck around 2% compliance for many years. Our biggest struggle was getting merchants educated and started towards compliance.
- Merchants would say “you gave us this terminal, so we’re compliant,” but they weren’t aware they needed to do more to become PCI compliant.
Resolving Challenges With SecurityMetrics
- SecurityMetrics worked with us to get more of our merchants into the program. They simplified the enrollment process for our merchants through consistent education and communication. With this improved process, we went from 2-3% compliance
to 44% compliance. - SecurityMetrics provides our merchants with free policy & procedure templates if they’re on SAQ A or SAQ B, which is a big selling point.
Goals Achieved Working With SecurityMetrics
- Our merchants are now more educated about the PCI process because of the educational resources SecurityMetrics provides, such as monthly newsletters and weekly blog posts.
- SecurityMetrics has simplified the PCI process for our merchants by providing them with the tools they need for compliance.