Guest Column | November 15, 2013

How Increased Compliance Insight Can Strengthen The VAR's Role


By Victoria Strayer, Sr. Director, Enterprise Business Compliance, TSYS

Retailers have made it clear that payment risk mitigation is one of their major concerns. They expect it to be of equal concern to you.

With transition to EMV (Europay/MasterCard/Visa) on the horizon, PCI (Payment Card Industry) and regulatory compliance initiatives ongoing, and a blossoming landscape of alternative payment channels before us, the U.S. retail payments landscape is in the throes of major evolution. Some change (i.e. EMV) is designed to mitigate merchant and consumer risk, albeit with added expense and complexity. Some (e.g. mobile payment technologies) intend to create faster, easier and more convenient payments for consumers and merchants.

In this intricate environment with an expanding cast, a VAR might question its role as guardian. At times, some VARs will take a back seat on changes happening in the payments arena, unless it drives short-term reward and revenue. Too many still assume that security and compliance are the sole responsibility of their vendor and payment network partners. Some rush to integrate the latest technology buzz with little forethought or consultation regarding payment risk. These are serious omissions because:

  • The VAR is a valuable and critical link between the merchant, the processor and the acquirer. To the merchant, the VAR is often the face of the payment environment — an ambassador. At our recent client risk advisory meeting, a recurring theme was the desire for stronger partnerships among VARs, processors and acquirers beyond the sales cycle and basic transaction facilitation.
  • Ignorance of interrelated payment trends can cost business and customers. VARs have an opportunity to put their expertise on display. Playing the role of silent accommodator to merchant requests for the latest unproven trends could be a longer-term misstep. Steering merchants toward viable alternatives that have been properly vetted for risk exposure decreases the likelihood of downstream redesign and expense.
  • A concerted effort among all stakeholders sends a better message to regulators. Building a risk mitigation layer into a VAR’s product set today may pay off tomorrow, and not just in terms of a stronger value proposition. Increased oversight by regulators could spill into the ISO and VAR channel. It is incumbent upon each stakeholder, including the VAR, to be conscientious and proactively demonstrate an ability to protect the payments ecosystem.

The Dynamics Of Risk: A VAR’s Challenge
For the VAR, the constantly changing payments landscape creates a dichotomy of sorts. On one hand, merchants expect their VARs and integration partners to lend creative solutions to their POS and retail systems environments. On the other, they expect that security and compliance features are “baked in” at no additional cost.

Understanding the security and compliance issues in an everchanging and multi-level regulatory environment doesn’t create a groundswell of profit opportunity. However, it is the cost of doing business and of keeping that business.

Still, the VAR’s role in the mitigation of merchant risk — and the shaping of tomorrow’s retail payments infrastructure — can’t be overstated. Demonstration of that role goes a long way toward gaining and maintaining the trust of retail customers and the market at large.

Front-Line Support: The Processor’s Responsibility
Creating a safe and reliable payment experience for merchants and consumers requires payment networks, acquirers and processors to recognize their role in setting up the VAR community for success. This includes establishing an engagement model that flows timely information to VARs and supports their effort to provide creative and profitable, yet riskaverse solutions. As a result of recent payment data breaches, some payment networks have vastly improved their outreach to VARs and integrators, giving them increased exposure to compliance mandates and a venue to express their concerns and integration challenges.

Equally important is the broader payment community’s acknowledgment that for most VARs, payment security doesn’t “butter the bread.” While demonstrating compliance savvy is fundamental for many of us, VARs don’t get paid to study regulatory compliance. Many are creatively shaping the future of commerce and need knowledgeable partners vigilantly guiding them through the risks to the rewards. This reality underscores the importance of strong partnerships, relevant information sharing and engaged collaboration among stakeholders — from the payment networks, the processors and through to the entire integration community.