Blog | June 5, 2012

The Shocking Truth About Retailers & PCI

By The Business Solutions Network

If you can't tell by the headline, the story I'm about to tell amazes me.

An occasional topic amongst editors at Jameson Publishing, the parent company of Business Solutions, is getting “too close” to a topic. More specifically, we ask — due to our perspective, number of people we interview, the successful nature of the people we interview, the amount of knowledge we have, etc. — if maybe we’re missing the mark in our articles by assuming our audience knows the same things we know. Getting “too close” might also mean that we overlook truths that exist because of our skewed point of view. I must confess, at this point, that I think I’ve been too close to the payment processing world and have been negligent in pointing out an opportunity for our point of sale (POS) readers.

Our sister publication, Integrated Solutions for Retailers (ISR, a retailer-focused magazine) recently conducted a survey of its retail readers on the topic of payment processing. I was lucky enough to get a sneak peek at the survey data the other day, and one of the question results blew me away. Honestly, it blew away the ISR editor as well. The survey asked retailers — who, as you should know, are mandated by the PCI (payment card industry) Security Standards Council to meet certain security standards — a slew of questions about their current payment security situation. Topics and terms like PCI, SAQ (Self-Assessment Questionnaire), P2PE (Point to Point Encryption), and card data breach protection programs were mentioned throughout the survey. At the end of the survey, respondents were asked to identify terms they were unfamiliar with that were mentioned in the survey. Ready for this? Thirty percent didn’t know what an SAQ was. Unbelievably, 10% of retailers were unfamiliar with the term PCI! Other terms and concepts didn’t fare much better. And here I thought PCI and its requirements were well-known and kind of old news.

Looking closer at the data revealed that many of these uneducated retailers fall into the tier-3 and -4 category (although there were larger retailers who were also guilty). What this means is that you get yet another opportunity to play your trusted advisor card and help these retailers out. That is, assuming you, yourself, are well-versed on the PCI DSS (Data Security Standard). There’s a great opportunity to add PCI-related services to your line card. Offering such services not only can provide you with a new service to offer, but it can get a great conversation started with your customers and potentially lead to additional hardware and software sales.

If you’re not hip to PCI, I’ve got good news: The RSPA (Retail Solutions Providers Association) offers its PCIwise educational courses/certification program to help get you up to speed and on your way to providing not only priceless advice to your customers, but services you can turn into revenue generators.