How to "Sell" PCI Compliance to Your Retail Clients
You’ve done your research, considered some “PCI DSS worst case scenarios,” and you’ve come to a big realization: It’s super important that your retail clients comply with the Payment Card Industry Data Security Standard (PCI DSS), ASAP.
But there’s still someone else you need to convince: your client.
Even the most well-intentioned retail business owners may be resistant to changing their security policies and protocols in order to adhere to PCI standards. Whether they feel that they simply don’t have the time or the money to upgrade their systems, or think that the PCI requirements don’t really apply to them (“They’re looking for big companies to comply, not small ones like mine.”), your retail clients might not yet see the need to make PCI compliance a priority.
Educating your clients on the importance of PCI compliance—and offering them a real solution—will not only protect their best interests and future well-being; it will also offer you an additional opportunity to profit, and increase your value to clients as you prove yourself as a PCI compliance expert.
Let the facts do your selling
To “sell” PCI compliance to your clients, you really only need to present the facts. You see, any reason your client might throw out there for not wanting to make the necessary changes to comply with PCI regulations can be boiled down to one: They don’t think it’s necessary. But if you can show them the facts about PCI compliance and what’s actually at risk, they’ll see that it definitely is necessary. And if you can show them a security software suite that makes PCI compliance easy, practical, and affordable…well then, it’s a no-brainer.
The facts about PCI DSS compliance:
- Not complying with PCI regulations can have serious repercussions. Many non-compliant small businesses find comfort in the fact that companies usually only receive a probationary period after a first-time non-compliance offense. It’s a false comfort, though. After all, if the card brands or the acquiring bank catch you once, your security process is obviously flawed and they could just as easily catch you again on your next transaction. Fines are hefty (anywhere from $5,000 to $100,000 per month, per violation) but rare; the more realistic threat is that banks may stop processing credit card transactions for you after violations. What would happen to your client’s business if they had to stop accepting credit card payments?
- Following PCI best practices is simply good business. PCI regulations might seem like a pain, but they were put in place for a reason. As technology advances, so do malicious hackers and the technology they use. When your client’s customers purchase something with a credit card, they’re trusting your client to protect that transaction. PCI standards really are reasonable, and adhering to them ensures that your clients are doing all that they can to keep their customers’ information safe and secure.
- Hiding PCI non-compliance is simply bad business. At some point, your retail clients have had (or will have) to lie about being compliant. Between prerequisite paperwork, audits, and so on, keeping up the lie will certainly become more stress than it’s worth. Not to mention the risk your client takes on with each and every credit card transaction if they don’t have the needed technical safeguards in place. Should a security breach take place, their customers’ credit card information would be compromised, and the impact on the business would be absolutely devastating.
Today’s advanced security software makes PCI compliance easy. Well-designed password management systems allow admin users to easily assign different permissions to different users, so that only users who need access to credit card information can access it. Reducing the number of users who have access reduces risk, and also reduces the amount of PCI training needed.