Acquirers: There is a Better Way to Manage Merchant Portfolio Risk

PCI portals have failed to move with the times. Acquirers need a better way to manage risk. They need an actionable risk intelligence capability with security scoring and streamlined onboarding.

From static compliance to dynamic risk management: why acquirers need to move with the times

Payment card data security can be a challenge even for larger merchants. Confused by the scale of the technical challenge and turned off by the cost and complexity of PCI DSS compliance, many have allowed risk to grow to unacceptable levels. It’s time for acquirers to seek a new way: ditching current one-size-fits-all compliance approaches to embrace a more agile and dynamic way to manage merchant portfolio risk.

Struggling with complexity

Nearly 90% of acquirers believe their merchants struggle to understand which security tools they need to keep the business and their customers protected. They are right. A similar number are also unhappy about rates of PCI compliance among their merchants. Again, they have a point.

In fact, according to Verizon, “fewer and fewer organizations are demonstrating the ability to keep a minimum baseline of security controls in place.” In the latest year for which figures are available (2019), less than 28% of global organizations achieved 100% compliance during their interim compliance validation. This is almost a nine percentage point drop from the year before.

One size fits none

The traditional one-size-fits-all approach to compliance remains at best a tick-box exercise for many merchants. At worst, many SMEs (Small and Medium Enterprises) don’t even engage with programs because they view compliance as an extra administrative burden they could do without — especially during a global financial crisis.

So what’s the answer? For a time, it was thought that non-compliance fines could drive changes in merchant attitudes to risk. However, even most acquirers now agree that fines aren’t the answer. Compliance continues to fall, while half of UK organizations last year reported a serious breach or cyber-attack.

The problem with PCI portals

Can PCI portals help? Unfortunately, they’re ill-equipped to tackle the above challenges, for several reasons. Traditional PCI portals:

  • Focus on evidence of PCI compliance rather than portfolio risk
  • Add too much friction to sales and onboarding processes
  • Consume acquirer and merchant time and resources
  • Only cater to acquirer compliance reporting requirements in relation to SME merchants

A new approach

In short, PCI portals have failed to move with the times. Acquirers need a better way to manage risk. They need an actionable risk intelligence capability with security scoring and streamlined onboarding, plus a marketplace of solutions and services tailored to the specific needs of their merchants’ risk profile.

That platform exists today. ZeroRisk is to cyber security and PCI compliance what QuickBooks is to invoicing and tax reporting. With ZeroRisk there’s no need for scores of staff to manage your portfolio. Nor is there any requirement for merchants to answer questions they don’t understand or use tools they don’t need. We offer merchant portfolio risk management made simple: automated, efficient and intuitive.

Want to be a part of a revolution in PCI compliance and risk management?
