Questions to Ask When Choosing a PCI Program Provider

Read to learn how to make an effective PCI program (for both the merchant and acquirer).

This post contains part of the text from the Questions To Ask When Choosing A PCI Program Provider Checklists.

What Makes a Good PCI Program?

An effective PCI program will make PCI compliance easier for merchants and acquirers.

If a PCI program is easy for acquirers but unhelpful for merchants, then the PCI program isn’t going to be successful in the long run. Simplicity, support, useful add-on products, and cost should all be considered when looking for a PCI program.

Simplicity

Complexity can be a barrier to merchants becoming PCI compliant.

Remember, the ultimate goal of a PCI program is to help merchants become compliant so they avoid breaches, fees, and lawsuits while maintaining customer trust and loyalty. Making it easier for merchants to be PCI compliant and avoiding a potential data breach should be top priorities when choosing a PCI program.

Questions to determine whether or not the PCI program will be simple:

  • Do acquirers have the ability to pre-populate and answer questions for merchants?
  • Does the program offer a simple SAQ process?
  • Does the program combine SAQs if needed?
  • Is there an easy way to keep track of merchant compliance?
  • Is there a way to customize scoping to easily get more insight into how the merchant is operating their business? (i.e., find more opportunities to help them)
  • Is there an easy way to access reports and pull reports?
  • Is there a way for merchants to have a clear and comprehensive view of their data security and compliance?
  • Is there a way to know how satisfied my merchants are with their compliance program?
  • Will this PCI program handle L1 and L2 merchants in addition to L4 merchants?

Support

A PCI program should have excellent technical support.

If acquirers and merchants know that they can easily get the technical support they need, they will be more likely to reach out when they run into issues with PCI compliance.

Questions to determine what PCI program support will be given:

  • Do you offer technical support in addition to help desk-level support?
  • How difficult is it to get in contact with support?
  • What are the support hours?
  • What is the average speed to answer?
  • What are the options for contacting support (e.g., phone, email, live chat)?
  • What are the qualifications or expertise level of the support team?
  • What other additional resources are available to support me through PCI compliance?
  • Does the PCI program have a process in place to assist level 1 and 2 merchants with security assessments?
  • Is there a process in place to assist level 3 and 4 merchants with self-assessments and compliance reporting?
  • Can they report progress directly to the acquirer?

Cost

Define your budget by asking yourself, “What do I hope to get out of my PCI program?”

If you’re looking for a high-quality program that will help merchants achieve and maintain compliance in the simplest way possible, it will cost you more than a program that sells mediocre support resources. However, you can more than make up for this cost with the potential revenue offered by the program.

Questions to determine the cost and potential revenue:

  • What is my budget for a PCI program?
  • What is my objective for purchasing the PCI program?
    • How will that factor into my cost?
  • What products am I getting with the PCI program?
  • Are there revenue options?
    • What is the quality of those revenue options?
  • Do they offer quality add-on products?