Magazine Article | June 19, 2012

The Truth About Retailers & PCI

By Mike Monocello, editor in chief, Business Solutions magazine

An occasional topic amongst editors at Jameson Publishing, the parent company of Business Solutions, is getting “too close” to a topic. More specifically, we ask — due to our perspective, number of people we interview, the successful nature of the people we interview, the amount of knowledge we have, etc. — if maybe we’re missing the mark in our articles by assuming our audience knows the same things we know. Getting “too close” might also mean that, because of our skewed point of view, we overlook truths that exist. I must confess, at this point, that I think I’ve been too close to the payment processing world and have been negligent in pointing out an opportunity for our point of sale (POS) readers.

Our sister publication, Integrated Solutions for Retailers (ISR, a retailer focused magazine) recently conducted a survey of its retail readers on the topic of payment processing. I was lucky enough to get a sneak peek at the survey data the other day, and one of the question results blew me away. Honestly, it blew away the ISR editor as well. The survey asked retailers — who, as you should know, are mandated by PCI (payment card industry) to meet certain security standards — a slew of questions about their current payment security situation. Topics and terms like PCI, SAQ (Self-Assessment Questionnaire), P2PE (Point to Point Encryption), and card data breach protection programs were mentioned throughout the survey. At the end of the survey, respondents were asked to identify terms they were unfamiliar with that were mentioned in the survey. Ready for this? Thirty percent didn’t know what an SAQ was. Unbelievably, 1 in 10 was unfamiliar with the term PCI! Other terms and concepts didn’t fare much better. And here I thought PCI and its requirements were wellknown and kind of old news.

Looking closer at the data revealed that many of these uneducated retailers fall into the tier-3 and -4 categories (although there were larger retailers who were also unaware). What this means is that you get yet another opportunity to play your trusted advisor card and help these retailers out. That is, assuming you, yourself, are well-versed on the PCI DSS (Data Security Standard). There’s a great opportunity to add PCI-related services to your linecard.

If you’re not hip to PCI, I’ve got good news: The RSPA (Retail Solutions Providers Association) offers educational courses to help get you up to speed and on your way to providing not only priceless advice to your customers, but services you can turn into a revenue generator.