Recent survey by ControlScan and the Merchant Acquirers’ Committee finds new strategies surrounding non-compliance fees, scope-reducing technologies.
MAC Level Up Conference – ControlScan, a leader in managed security and compliance solutions that help secure networks and protect payment card data, has released a new payments industry research report in collaboration with the Merchant Acquirers’ Committee (MAC). Among its findings, the ControlScan/MAC 2020 Acquiring Trends Report identifies new strategies ISOs, acquirers and other merchant service providers are employing in the face of increasing merchant PCI compliance challenges.
ControlScan and MAC have tracked various aspects of acquirers’ PCI programs—including who has them, their goals and achievements, and how they’re administered—since 2011. Gathering this data over time has provided the ability to follow trends and share unique insights into the state of merchant PCI compliance programs.
Acquiring Trends survey respondents consistently say that regular, ongoing communications and education are key to their merchant PCI compliance efforts. However, this year’s survey saw a rise (from 35% to 44%) in those who are realizing the benefit in combining communications with technology services such as managed firewall. Validated point-to-point encryption (P2PE) solutions, as well as end-to-end encryption (E2EE) also rated high for their ability to reduce PCI scope.
“When combined with regular communications and educational content, scope-reducing technologies and related services are a powerful way to make life easier for the merchant,” said Chris Bucolo, Vice President of Market Strategy, ControlScan. “It’s all about giving the merchant the tools and support they need to properly secure their business, without overburdening them.”
Other key findings from the ControlScan/MAC 2020 Acquiring Trends Report include:
- Keeping merchants compliant is a continuing challenge – From 2014 through 2018, portfolio compliance rates were on a healthy upward trend. In 2018, however, there began to be signs of slowing rate growth based upon 38% of survey respondents reporting that their rates had either stayed the same or declined. The 2020 numbers show a definitive downward trend, with only 26% reporting compliance rates above 60% (as opposed to 42% in 2018) and 23% under 25% (as opposed to 15% in 2018).
- Non-compliance fees are increasing in their significance – The percentage of those not charging non-compliance fees has historically been stable at around 17-18%. This year, however, the percentage rose to 23%. When asked about the drivers behind waiving non-compliance fees, an astounding 77% said they did so for strategic and/or competitive purposes. This year’s survey also found a widening divide between those who charge no non-compliance fees and those who are charging a non-compliance fee of more than $50 per month.
- High Compliance Rates and merchant risk reduction go hand in hand – Keeping merchant risk in check is a priority for virtually all respondents, with 86% saying it’s a high or top business priority. Further data analysis revealed that one-third of those who have made merchant risk reduction a top priority are achieving higher merchant portfolio compliance rates than the group as a whole.
“Running a successful PCI compliance program requires regular reviews of metrics and trends so that corresponding adjustments can be made,” said Bucolo. “Like security technologies, there is no ‘set and forget’.”
“The information we glean from our ongoing survey partnership with ControlScan is extremely valuable,” said Vadeene Sisk, Education Committee Chair, MAC. “High merchant compliance rates translate to reduced business risk, which is mission critical for the MAC membership base as well as the payments community at large.”