Acquirers across the globe now expect their Level 4 merchant client base to achieve PCI compliance rates of at least 70%, a new report reveals.
According to research from the Irish-based cyber security specialist Sysnet, which surveyed 30 global acquirers, acquirers also believe they have more responsibility and a duty of care to their merchants, with eight in ten wanting to do more to drive awareness of PCI compliance matters within their client base.
This shift in opinion may be down to the advancement of managed services, which are now deemed critical to the compliance process. These services have been particularly beneficial to SMBs, as processes and services are tailored to meet smaller businesses’ resources and requirements.
“By incorporating a managed service into your PCI compliance offering, providers will see higher compliance rates among their merchants,” said Gabriel Moynagh, CEO of Sysnet.
According to the report, 72% of respondents want to move away from obtaining income through PCI non-compliance fees, an increase of 20% on last year’s figure. Almost 60% believe that adding merchants to a managed compliance service is a viable alternative to charging for non-compliance.
“Current methods of charging fees to force merchants into complying simply do not work,” added Moynagh. “We’ve seen that the key driver for raising compliance rates is that acquirers are now providing a managed service to support merchants through the journey.
“Not only does this change mean acquirers will migrate from a dependence on non-compliance revenue, but will also provide a preventative and responsible approach which in turn is driving higher expectations in the industry.”