When Visa recently added more rules on its smallest merchants—PCI Level 4s—it created a sales opportunity for payment facilitators by giving SMBs an even stronger reason to outsource its payments activities. At the same time, it added more complexity to PCI management for those PFs.
Mike Cottrell, head of global sales and marketing at ProPay, tried to put the new rules into perspective for payment facilitators in this week’s PaymentFacilitator.com podcast.
The new rules will require Level 4 merchants to only secure POS systems through approved participants in PCI’s Qualified Integrators and Reseller (QIR) program. The big problem? There are more than 5 million Level 4 merchants and only 71 vendors currently on the approved list.
“As soon as you go into the QIR, from a PCI perspective, there are still all sorts of administrative things that a merchant needs to be compliant with. As a payment facilitator, I can have a compliant application, I can have compliant certified devices, encrypted keyboards, all of those types of mechanisms in place for my sub-merchants,” Cottrell said during the podcast. “At the end of the day, when you consider what it means to validate Level 4 compliance, there are other things that are still outside the payment facilitator realm. That’s where we have some questions and concerns to say ‘What policies and procedures do these merchants have in place?'”
The podcast, which clocks in at less than nine minutes, is available now.