Page 35 - GS180601
CoverStory
stated. "We're seeing more push for scope reduction. Merchants understand the cost benefits and protections of maintaining secure systems."

When ISOs find noncompliant vertical applications in different markets, they have to decide how to play in that system and how to choose the right managed services provider, Bucolo said. He suggested partnering with a company that sees where the market is heading and how quickly it can change. "Merchant environments and the user experience change all the time; companies need to be flexible," he added. "They also need to help MLSs be good partners to their merchants. MLSs should control what is marketed to the merchant; the solutions should fit their strategy."

Bucolo noted that numerous managed security services exist, but not all are sold in the right way and for the right reasons. Solutions need to meet Payment Card Industry (PCI) requirements and improve security posture while staying within a merchant's budget and operational scope.

Payments industry knowledge: "Every business has different needs and merchants have so many choices in hardware and software," said Nate Hirshberg, Assistant Vice President of Marketing at Shift4 Payments LLC. "Merchants appreciate the opportunity to work with knowledgeable sales agents who can help them navigate the options and understand the process."

The Electronic Transactions Association created the ETA Certified Payments Professional certification. Designed to help MLSs master sales, pricing and interchange, business processes, operations and workflow, products and solutions, risk, regulatory compliance, and security matters, the program fosters success in the competitive payments ecosystem, ETA representatives stated.

Agility: Speed counts in security, where transactions and fraudsters move fast. Benchmark data from ACI Worldwide and Ovum cited real-time payments and security as top concerns among retail, hospitality and ecommerce merchants. The 2018 Global Payments Insight Survey: Merchants found 80 percent of respondents expect real-time payment methods to replace credit cards; 61 percent believe they are at greater risk for a security breach than they were a year ago.

Replacing manual processes with agile solutions can reduce costs and improve efficiencies. PerfectAudit, a fintech platform developed by New York-based Ocrolus, uses advanced automation, character recognition and algorithms to analyze data, detect fraud and manage risk. "PerfectAudit replaces labor-intensive manual bank statement reviews with hyper-accurate, automated file processing," said Sam Bobley, CEO at Ocrolus. "We review better, faster and more accurately. If you submit a document, we will read whatever we can and send the rest to crowdsourced workers. Our quality control checks have 99 percent accuracy."

2. Be compliant: advocate PCI compliance

When the PCI Data Security Standard was introduced, many merchants believed achieving compliance would make them invulnerable to breaches. Some felt betrayed when bad actors hacked their PCI-compliant businesses. Security analysts have noted today's merchants tend to think of compliance as a risk mitigation strategy but not a silver bullet. Here are three additional considerations:

EMV and PCI compliance: Michael Simpson, Principal Security Analyst at SecurityMetrics, has seen growing awareness of EMV (Europay, Mastercard and Visa) and PCI requirements among small and midsize merchants. "Now that most merchants have EMV, what we've seen in Europe and now in the United States is the hackers are not putting a lot of resources into counterfeit credit cards; they have moved to ecommerce because it's an easier venue," he stated. "And acquirers that previously focused on large merchants are helping Level 3 and Level 4 merchants create compliance programs."

Compliance portals offered by acquirers and third-party providers enable merchants to fill out Self-Assessment Questionnaires (SAQs) and sign up for scans, Simpson said. The portals provide training based on a merchant's equipment type and processing environment. "These portals can help merchants understand which SAQ is aligned to their environment and provide more information about the controls, beyond yes and no answers," he said.

Business intelligence: Silvia Mensdorff-Pouilly, General Manager, Europe Processors and Networks at ACI Worldwide, said advanced analytics can be a double-edged sword. "There is a lot of good coming out of payments' enhanced connectivity and information flow, but as the recent [Cambridge Analytica] scandal at Facebook has shown, we also have to deal with negative side effects," she said. The digital age created a wealth of data, but we need to be careful about how we manage it and make it specific to payments, Mensdorff-Pouilly added.

Merchants rely on MLSs to keep them up to date on industry trends, such as the European Union's General Data Protection Regulation (GDPR). The regulation, which became law on May 25, 2018, gives European citizens more say in how companies use their data. Noncompliant companies could be penalized up to 4 percent of annual global revenue.

"Europe is the gold standard when it comes to regulations," Mensdorff-Pouilly said. Noting that the GDPR was years in the making, she added that "technology is evolving faster than the regulations."

Market knowledge: Mensdorff-Pouilly said market knowledge is critical because merchants need to provide consumers with better tools to control their data. "Savvy consumers want to take back power in how their data is leveraged and controlled," she stated. "This is fueled by recent scandals and rising concerns about how big tech is using our data. While most consumers don't yet