PCI Risk Brings New PCI Service Provider Requirements Impacting ISOs

September 14, 2017 • Published Categories Industry Topics Tags ,

Independent Sales Organizations (ISOs) have risky business to attend to.

In the payments ecosystem, ISO businesses have a lot going for them. The recurring revenue model for ISOs is alive and well, and many have found success by specializing in specific market niches.

Sure, being an ISO is still very attractive, but there are also risk factors that can impact your business’s profits. As 2017 comes to an end, now is the time to turn your attention to new PCI service provider requirements that should have a big impact on the way your business addresses risk in 2018 and beyond.

2018 will bring 7 new PCI service provider requirements.

Starting February 1, 2018, ISOs, in their role as service providers, will be subject to 7 new PCI service provider requirements. Don’t think your ISO business is subject to this? Think again.

If you’re an ISO, how the new requirements impact you will depend upon how your business handles and potentially influences the security of credit card data:

PCI service provider requirements vary based on your ISO category

Ensure that your ISO business is ready.

As the chart depicts above, there are 3 distinct categories you can fall within. It’s important to know which of these categories best fits your business so you can understand and prepare for the impacts.

On Thursday, September 21, ControlScan’s Marc Punzirudu and I will be presenting a webinar on this topic. “The ISO’s Risky Business: Why and How to Apply New PCI Service Provider Requirements” will walk you through the upcoming PCI DSS requirement changes and their impact on service providers, including case studies of how these changes can potentially play out. We’ll also discuss how the PCI changes will impact your merchant portfolio and share some risk reduction strategies.

NOTE: The live webinar has taken place. Access the free replay here!