Joan Herbig CEO ControlScan

Newly released survey results from ControlScan and Merchant Acquirers’ Committee (MAC) show that over the past year, acquirers’ PCI program goals have shifted from a primary focus on risk mitigation to that of revenue generation. This and other key survey findings are detailed in the report, Risk and Revenue: Second Annual Survey of the Acquirer’s Perspective on Level 4 Merchant PCI Compliance.

The annual survey by ControlScan, an expert provider of PCI compliance and data security solutions for Level 4 merchants and the acquirers who serve them, and MAC, a payments industry organization for bankcard professionals involved in risk management, measures acquirers’ attitudes and objectives surrounding their Level 4 merchant PCI compliance programs. Level 4 merchants process fewer than 20,000 online credit card transactions or fewer than one million face-to-face credit card transactions annually. These merchants are typically small to mid-sized businesses (SMBs) and they represent 98 percent of all U.S. retailers.

 “Competitive pressures in the payments space impact how acquirers balance their merchants’ needs with their own business need for a healthy bottom line,” said Joan Herbig, CEO of ControlScan. “Traditional merchant services are no longer as profitable as they once were, so we’re seeing a conflict between risk and revenue play out in the way acquirers manage their PCI programs.”

Other key findings from this year’s ControlScan/MAC survey provide a unique, inside look into the differences between successful and unsuccessful PCI compliance programs, as well as the business drivers behind program trends. For example, the study found that acquirers reporting an organizational “lack of traction” for their PCI compliance program also report lower merchant PCI compliance rates and are more likely to have had a merchant suffer a recent data breach. These and other insights from the survey can be used to inform the decisions banks, processors and ISOs make as they re-evaluate their PCI programs.

“Acquirers should substantiate PCI-related costs and fees by offering their merchants sufficient return value for their investment,” said Susan Matt, CFO for MAC and CEO/founder of payments consulting firm ThoughtKey, Inc. “A robust PCI program can provide merchants the support they need to successfully meet and maintain compliance, while an ineffective program does not produce long-term value for either party.

The ControlScan/MAC Annual Acquirers Survey was completed in October 2012 by 123 banks, processors and ISOs with Level 4 merchant portfolios ranging from less than 1,000 accounts to more than 50,000.

Headquartered in Atlanta, Georgia, ControlScan is an expert provider of Payment Card Industry (PCI) Compliance and Security services designed to meet the unique needs of small to mid-sized merchants and the acquirers that serve them. The company’s flexible solutions, easy-to-use online tools and personalized support significantly simplify PCI and security for its clients. In addition, as an Approved Scanning Vendor and a Qualified Security Assessor, ControlScan is positioned to help merchants meet compliance requirements and maintain secure business environments for their customers.

MAC is dedicated to providing banks, ISOs and card associations with universal risk management solutions through ongoing communication and cooperation among its membership.