Security experts often say that the chain is only as strong as its weakest link. All businesses that work collaboratively, no matter the type of relationship, should be supporting one another to ensure that security best practices are in place and compliance with the Payment Card Industry (PCI) standard is being met. This is especially true for small-to-medium-sized businesses (SMBs), where one bad breach could be the difference between the company’s life and death.
SMBs need support from their partners to remain secure. In the payments space, this means acquirers help SMBs with payment security. Acquirers and ISOs have a unique opportunity to assist SMB merchants in ways that significantly ease their ability to achieve and maintain PCI compliance.
Surveys have shown that SMBs turn to the company that processes their payments with questions and for advice. When it comes to PCI compliance, there are three primary ways in which acquirers help SMBs.
- By helping put the appropriate security tools in place. The first step is to supply merchants with the security tools and online compliance management solutions they need to remain compliant with the latest security standards. These online security solutions provide the baseline needed to achieve PCI compliance and put the merchant on a path to a strong security posture. It’s best to keep it simple from the start, and giving SMBs easy access to the tools they need is one way to do just that.
- By remaining engaged with SMB customers. It is also vital for acquirers and ISOs to be actively engaged with their SMB customers. Acquirers are the best sources to help foster an ongoing dialog on best practices for achieving PCI compliance, remaining compliant, and operating securely. The ongoing situation with the COVID-19 pandemic highlights the benefits of this as many merchants added new payment processing options to stay afloat. Unfortunately, added payment options can increase their risk footprint, making ongoing touchpoints and assessments a must.
- By bringing in the experts through a managed service. Finally, the best method of ensuring SMBs remain PCI compliant is leaving it to the experts. A managed service solution means that the merchant doesn’t need to worry about the day-to-day security controls and assessment; all the tasks associated with retaining PCI compliance can instead be left up to professionals who can put 100 percent of their attention on ensuring that compliance is met. This solution takes the difficulty away from the SMB, so that they can focus on growing their business.
It is vital that SMBs remain secure and PCI compliant if they want to survive and grow, and some of that responsibility lies with us to educate merchant partners. Read my additional thoughts in the Green Sheet here.