Step 1: Engage all internal resources
Before an acquirer starts a PCI compliance program that sets out guidelines for its merchants, everyone on the management team must be on board with a PCI compliance solution; it must be a company decision.
"No matter if an acquirer has a large or small merchant base, the acquirer has to make sure that PCI compliance is important at all levels of the acquirer management team," said Stanton.
"It's your job to communicate the need for all merchants in your book of business to meet the PCI Compliance DSS standards; you need to raise the awareness of PCI at all levels of your organization."
According to Stanton, acquirers are in the best position, contractually, to help a merchant, and acquirers have ample incentives to get their portfolio of merchants on board with PCI compliance, including making them aware of the tools of PCI compliance.
"It's a large decision to step towards a PCI compliance program but it may be one of the wisest ones you will ever make," he added.
Adding to the swirl of confusion, as of July 31, 2007, Visa Inc. is making all acquirers submit a summary of their small-merchant (Level 4) compliance plans, as well as requiring acquirers to provide data-security education to their small-business customers.
In addition, Visa is partnering with the National Federation of Independent Business (NFIB) to offer a new Web site with free information, including webinars, educational materials and tools to help educate small-business owners.
Whether these tools work or not remains to be seen as compliance dates loom. However, internally, for Greenberg and PowerPay, statement messages and direct contact have worked for all levels of merchants. According to him, all of PowerPay's Level 1, 2 and 3 merchants are fully PCI compliant, and Level 4 merchants are not far behind.
"Currently we only send statement messages and contract verbiage for level 4 merchants, plus direct contact for level 1, 2 & 3 merchants," he stated.
"Once our level 4 plans have been solidified, we will have a very direct approach with our remaining merchants that will include statement messages, e-mail, direct mail and phone contact."