Sysnet has published data showing that payment processors who offer managed Payment Card Industry Data Security Standard (PCI) compliance experience 31% better attrition than those who only provide self-service.
The data was released in a whitepaper entitled “How Processors can increase PCI compliance revenue and reduce attrition by offering a managed compliance and security service”. It covers how fees charged to non-compliant merchants can result in a loss of revenue and increased attrition rates for payment processors.
It makes the case that over-reliance on fees for increased revenue provides no value as it doesn’t do enough to incentivise merchants to become PCI compliant.
These are the key points of the paper:
- Non-compliance fees are a false economy for processors as they do little to incentivise merchants to align with PCI regulations and there is not enough focus on providing merchants with the assistance to become compliant.
- Merchants can experience reputational damage, loss of revenue, inability to trade, fines and the demise of their business if they are subject to a data breach from not complying with the PCI regulations, so it is important that they comply.
- By providing a managed compliance offering, processors can upsell their services and justify increased non-compliance fees, meaning the outcome of the new provision will likely be positive or at worst neutral.
- There are seven steps for replacing the non-compliance fee revenue model, which can be found in the report.
- In an analysis of six clients that provided both self-service and managed programmes over a six-month period, Sysnet found that managed programmes had, on average, 31% lower attrition than self-service ones.