Do you know how many clients you have? (We’re betting you can answer that in your sleep.) But do you know how many of your clients are completely PCI compliant? Probably not. Sixty-one percent of MSP clients use credit cards, but 72% are not PCI compliant, according to the “2020 Verizon Payment Security Report.” That puts both you and your clients in a very dangerous position.
Compliance is not optional, and noncompliance can result in monthly fines, data breaches, lawsuits and losing the privilege to process credit card information. If this happens, your clients will be looking at you for answers.
What Is PCI Compliance?
Started in 2004 to protect consumers from fraud, the Payment Card Industry Data Security Standard requires any company that transacts electronic payments, like credit cards and electronic checks (i.e., ACH transfers), to comply with PCI regulations. Today, more than 82% of Americans use digital or online methods to pay for expenses, according to a McKinsey & Company survey. However, most businesses are paying thousands of dollars in noncompliance fees and have no idea.
Why Should MSPs Care If Customers Are Not PCI Compliant?
1. Your Client Expects You To Handle It
Much of what you’re already doing falls under PCI compliance, so your client assumes you’re handling everything related to compliance too. It’s an implied risk that you have zero control over. When a merchant determines a business is noncompliant, they post a monthly noncompliance fee, usually between $25 and $100, on a digital statement no one sees for months, even years. Who do you think the business will blame when they find out? You.
2. It Improves Client Retention
Prospecting MSPs who understand the importance of PCI compliance will point out hidden noncompliant fees to your clients and argue that you’re not doing your job. Be proactive and pay attention to PCI compliance to keep your clients where they belong, with you.
3. It Will Land You New Clients
PCI compliance is also an effective prospecting tool. Ask businesses for a copy of their merchant processing statements during your prospecting process and inform them of noncompliance fees. Ask them why their current MSP isn’t handling this. It’s an excellent way to win new business with little effort.
How To Help Your Customers Enforce PCI Compliance
Businesses want a skillful, guiding hand to help them enforce PCI compliance. With the right tools and resources, you can easily add significant value to your services while ensuring complete PCI compliance for your clients. Here’s how:
1. Assess Customer Lists
There are two ways to do this. You can review a list of all your clients, determine who takes credit cards and then identify who is compliant. However, most MSPs don’t have the workforce or resources to do this. An alternative option is to use a service like Secure Payments that will do the legwork and assess who is noncompliant for you.
2. Get All Customers Compliant
Next, you must get all your noncompliant customers up to speed with their merchant. Make sure clients are filling out self-assessment questionnaires and running vulnerability scans. Again, if resources aren’t on your side, compliance tools like Secure Payments do this for you, often within 60 days.
3. Connect Them With A Secure Payment Solution
When customers find out they’ve been paying up to $100 a month in noncompliance fees for over a year, they’re ready to find a new merchant. Most merchant activity is a blind spot for MSPs. Still, if you are enrolled in programs like Secure Payments with a compliant Payment Gateway, all their compliance is handled in one place, so you can be sure your clients have a full-service solution for PCI compliance.
The use of electronic payments is increasing every year. MSPs must deal with the unavoidable implied risk of PCI compliance. If you don’t, someone else will. With the right tools, your proactive efforts add immense value to client security and keep you both out of the hot seat.
