Navigating the Confusing World of PCI Compliance


By Matthew Greco, Chief Revenue Officer, Serve First Solutions

Operating a business is, unfortunately, more than delivering value to customers and turning a profit. There are numerous regulations one must comply with to avoid costly penalties. Payment Card Industry Data Security Standard (PCI) compliance, in particular, is a pain for everyone, especially small and medium-sized companies in the business-to-business (B2B) space because they don’t have the same resources or workforce as larger corporations.

According to Verizon’s 2023 Payment Security Report, only 43% of American businesses were PCI compliant. Whatever the reason for that gap, failure to uphold proper PCI compliance causes compounding fees while increasing the risk of data breaches and the fines that accompany them.

True Costs of PCI Non-Compliance Penalties


Payment processors give out PCI penalties monthly, with some penalizing hundreds of dollars a month. Unchecked, these penalties can add up to thousands of dollars a year. These fees live in the background, eating away at a company’s bottom line.

The reason card payment processors are so quick to hand out penalties is because they are getting penalized themselves by the banks for not having compliant customers. However, instead of passing through that penalty, payment processors create a profit center via these monthly non-compliance fees.

Confusion & Liabilities

If these penalties weren’t enough, understanding PCI compliance is a headache, as the monthly subscription receipt from payment processors includes compliance and non-compliance fees.

Even if a company pays the compliance fee, it could still get charged for non-compliance, making it difficult to parse out when and if the payment processor labeled them non-compliant. Additionally, non-compliance increases liability in the event of a security breach, resulting in potentially hefty fines.


On top of monthly fees, transactions can get downgraded if a business processes credit cards in a non-compliant manner, ultimately racking up losses for large transactions. While being non-PCI compliant doesn’t directly affect the processing rate, not following card association policy and procedures can negatively affect it.

Should a business process a credit card in a non-compliant environment, whether by storing entire credit card numbers unencrypted in a readily accessible database, failing to implement strong password controls, not passing along the correct information required for settlement to take place, etc., a transaction cost of 2.5% gets grossed up to 3%, creating a 50-basis point delta. That 50-basis point delta can balloon out of control across thousands of transactions.

How Merchant Service Providers Can Help with PCI Compliance

B2B merchants should partner with a merchant services provider to ensure fast, reliable and cost-effective payment processing in a PCI-compliant manner. Best-in-class partners offer several key services, focused primarily on supporting merchants dealing with card associations such as Visa, MasterCard, American Express, etc.


Some providers even offer proprietary solutions, such as technology that allows merchants to embed a surcharging line item on a credit card transaction so that the final calculation excludes the surcharge from the total receipt.

Leading merchant services providers will also help merchants register properly with the card associations and ensure merchants comply with the ever-evolving PCI guidelines. Likewise, they can monitor their customers’ programs to ensure they have the correct terms and conditions on their invoices and receipts, preventing the payment processors from creating a profit center in the surcharging environment and discriminating against cardholders. This dedicated support and these services enable merchants to, for example, issue a surcharge for convenience fees in a way that the card association is aware of and can approve.

Helpful Considerations When Choosing an Ideal Partner


While B2B merchants should work with a merchant services provider to maintain PCI compliance, they must exercise caution when evaluating potential partners. Regrettably, the industry has its fair share of unsavory characters, with many providers being happy to charge high rates to help merchants uphold PCI compliance.

Other providers can, though well-meaning, lack up-to-date knowledge of current regulations and will make costly mistakes, such as forgetting to cap a surcharge at 3%, permitting surcharges in states that don’t allow them, or issuing surcharges on debit cards instead of credit cards.

These minor nuances have major implications, underscoring the need to partner with an expert in the merchant services space with the requisite certifications and qualified professionals. In other words, a B2B merchant’s mindset when searching for an ideal provider should be no different from that of a person who avoids a dentist who doesn’t have a Doctor of Dental Surgery after their name.

About the Author

Matthew Greco is Chief Revenue Officer at Serve First Solutions, which specializes in processing debit and credit cards for small to mid-market businesses.
