The opportunity to build a new or expanded PCI Compliance practice is here. With the PCI module you can provide:
PCI ASSESSMENT SERVICES
Assess the Cardholder Data Environment and provide an ad hoc PCI assessment for a one-time charge.
PCI REMEDIATION SERVICES
Provide project-based remediation services to address the security vulnerabilities.
PCI COMPLIANCE SERVICES
Offer full PCI managed services to produce mandatory reports and provide ongoing remediation.
How to Justify PCI Compliance Services to Your Clients and Prospects
In 2006, MasterCard, Visa, JCB, American Express, and Discover established the PCI Security Standards Council, a third-party entity, to manage the Payment Card Industry security standards and to promote the standard’s implementation by all merchants that accept credit/debit cards, including businesses at retail locations, online, and through mail order. The PCI Council requires its merchants to:
Banks Can Be Great Sources of Referrals for New Clients
There are usually two financial institutions involved with your client’s credit card business. The first is the Commercial Bank, where your clients and prospects do their regular banking and have their business bank accounts. The second is the Acquiring Bank, which is the financial institution that has an agreement with your clients and prospects to process and deposit payments made by credit and debit cards in the regular business bank.
It goes without saying that, at the end of the day, the financial institution carries the risk if there is a data breach and their clients are incapable of covering the loss and paying the fines. The banks would love it if all of their clients with merchant accounts had a professional IT services firm doing ongoing PCI compliance work.
Start with your own commercial bank. Explain the PCI services that you offer, and see if the bank is willing to refer you to their clients. Try proposing a partnership arrangement whereby you will do a free “preliminary assessment” for the bank’s merchant account clients, with the understanding that if issues are discovered that require remediation, the bank will compel their clients to use your remediation services.
Also, keep in mind that the major card issuers (Visa, MasterCard, JCB, American Express, and Discover Financial Services) require their own PCI Compliance reports, so your clients likely have more than one Acquiring Bank to deal with.
Overcoming the Objection: “We Can Do It Ourselves”
Many merchants don’t fully understand the requirements and their responsibilities when it comes to maintaining PCI Security Compliance. When they find out, many businesses think they can do it themselves.
The PCI Security Standards Council does permit merchants to do self-assessments, but without a tool like Network Detective, they would find it very difficult to collect all of the data and generate the required reports.
If you come across this objection, send them over to the PCI Security Standards Council official website to see the requirements. The more they read, the more they will realize that they need help.
Make sure your clients understand that even if they are able to do their own PCI assessment, once that has been completed, a signed Attestation of Compliance must be executed and sent to the Acquiring Bank along with a number of documents that include:
Remediation plans detailing how the Merchant plans to address unmet PCI Requirements and in what time-frame
Compensating controls worksheets
All Evidence of Compliance documentation either prepared by the Merchant or by the Security Assessor
The Network Detective PCI Compliance module generates all of these documents automatically and even includes a direct integration with an ASV solution that allows you to set up and run the mandated quarterly ASV external vulnerability scans.
Show your clients and prospects sample reports with your branding, and let these sell your services for you!
LET US SHOW YOU HOW IT WORKS!
All subscriptions include free training and help onboarding your first client. Not yet ready to buy? Request a demo and we’ll show you how it works.