Magazine Article | January 17, 2007

Don't Fear Standards, Profit From Them

Business Solutions, February 2007

Mandates, regulations, standards — these are all terms that should bring a smile to a VAR's face. Why? Because they all could lead to sales opportunities. The examples cross all technologies and industries, from content management VARs selling Sarbanes-Oxley-compliant solutions to supply chain integrators helping clients meet Wal-Mart's RFID (radio frequency identification) mandate. But oftentimes, identifying the problem (i.e., mandate, regulation, standard) and its implications for your client's business is as important as the solution itself. For instance, any VAR, integrator, or ISV (independent software vendor) that has retail or hospitality clients who accept credit card payments should understand the Payment Card Industry Data Security Standard (PCI DSS). This standard outlines what merchants must do regarding the security of credit card data — and it's not simple. The standard also doesn't just apply to large merchants. In fact, it's the smaller (i.e., any merchant processing fewer than 20,000 Visa e-commerce transactions per year) restaurants and retailers that are now being targeted by the card association for audits. "Some merchants don't even know they are at risk," explains Brad Holaway, president of Copperstate Restaurant Technologies and a member of the RSPA (Retail Solutions Providers Association). "Some of these smaller companies don't understand how to conduct the [credit card processing] self audits, and therefore, they don't do it. But if a credit card security breach is traced back to a merchant, the fines could potentially exceed $500,000. And that's just the cost of the fine. A forensic audit could tag on another $17,000 or more." Could your smaller clients withstand these kinds of charges? Probably not. Which means you lose a client.

Since thieves are targeting these smaller companies to obtain credit card information, the time is now for you to capitalize on the need for payment security knowledge. First, understand how to identify the problem and its implications by learning about the PCI DSS at http://www.pcisecuritystandards.org/. You also could contact the RSPA (http://www.gorspa.org/), which is becoming the de facto conduit between the channel's software developers and the PCI SCC (Standards Community Council). In fact, RSPA Executive Director Joe Finizio is working directly with Visa and its efforts with the PCI SCC. Second, you could partner with the RSPA (which is working with approved auditing companies) to obtain auditing services to resell. 

Adding a new type of service like this could be a boost to the lagging hardware margins you're used to, especially if you're a POS (point of sale) VAR. But there's another advantage to learning about this or any other standard in your industry — you become more than just a provider of technology solutions; you earn the title of trusted advisor, consultant, or even business partner. After all, if you can identify a credit card system security breach or a way to prevent possible future breaches, and save your customer thousands of dollars in fines, it's likely you'll earn a customer for life. And that should keep any VAR smiling.