ControlScan, a company that specializes in managed security and compliance products that help secure networks and protect payment card data, has released a research report detailing findings from its most recent payments industry survey of acquirers, ISOs, processors and payment facilitators.
The 2018 ControlScan/MAC Acquiring Trends Survey, which is an annual collaboration between ControlScan and the Merchant Acquirers’ Committee (MAC), found 38 percent of respondents tracking portfolio compliance rates either saw these rates decrease or remain the same in 2017. Decreasing or flatlining portfolio compliance rates are a red flag, indicating one or more PCI program issues must be addressed, according to a press release.
“Many ISOs and acquirers have succeeded in getting their merchants PCI compliant to begin with, but we were surprised to learn that so many of those same merchants are falling back out of compliance,” Chris Bucolo, director of market strategy for ControlScan, said in the release. “Ongoing communication about security and compliance is critical as the merchant relationship progresses.”
According to the report, 67 percent of those who saw a decreased portfolio compliance rate in the last year said their merchants were initially compliant, but did not revalidate annually thereafter. In addition, one third blamed falling compliance rates on increasing requirements under the PCI Data Security Standard (DSS).
Roughly 95 percent of acquirers and other risk-bearing payments entities have a formal PCI compliance program in place. The 2018 ControlScan/MAC Acquiring Trends Survey supports an ongoing effort to understand and share PCI compliance program best practices among payments industry stakeholders.
“We’ve gathered seven years worth of data on acquirers’ PCI programs, including who has them, their goals and achievements, and how they’re administered,” Bucolo said. “Gathering this data over time has allowed us to follow trends and share insights into what we’re seeing out there.”