The Downfalls of a Traditional PCI Compliance Program


PCI Compliance. For many bankers, the words send a shiver of dread down their spines. For others, PCI Compliance is something they’ve only heard about in passing, but how important is it really? The confusion and frustration surrounding PCI Compliance is largely because traditional PCI Compliance programs do not address the practice in a way that is beneficial to you OR your merchants.

PCI DSS stands for Payment Card Industry Data Security Standard. Meeting these standards is a requirement for any merchant accepting credit cards, but the process of becoming compliant can be difficult. At the very least, your merchants must complete an annual questionnaire, filled with industry-specific verbiage. Then, depending on processing method, vulnerability scanning may be required as well.

Sound confusing? It usually is. And that’s because a traditional PCI Compliance program isn’t really much of a program at all. Most processors outsource their PCI program to a 3rd party who only sends an email to your customers and won’t assist further with PCI Compliance. Your bank deserves more. Partnering with a provider that handles PCI in-house can shield you from these potential downfalls:


Increased Fees

You want to grow your portfolio and retain your current customers. To do that, your merchants need to be priced competitively. And while we’ve established that most processors do not assist with PCI Compliance, it’s important to know that they will still bill your customers for non-compliance. Non-compliance fees usually range from $20-$30/month but can cost upwards of $100/month with processors that see non-compliance as an opportunity to increase their profits.

Unfortunately, the costs don’t end there. If your processor does not offer a comprehensive PCI program, your merchants might be stuck in a contract with another 3rd party provider—just so they can meet PCI DSS requirements. And even just a basic PCI Compliance solution can cost hundreds of dollars a year.

If your partner does not take a comprehensive approach to PCI, it’s likely that your merchants are, literally and figuratively, paying the price.



Frustrated Merchants

When you partner with a credit card processor, you’re recommending their services to your merchants. If you place your trust in the hands of the wrong processor, you’re putting your own reputation at risk.

Consider this. You sign a new merchant account. Everything is going well, and then 90 days in, they call your bank, livid, because they were billed a non-compliance fee on their most recent statement. They weren’t notified that they would be billed, and no one contacted them regarding PCI Compliance. Your bank might not have billed the merchant, but it recommended the organization that did, and that means customers will blame you for the negative experience.

Unfortunately, the situation is unlikely to improve from there. A typical processor will not explain the necessity of PCI Compliance.  Instead, they will sit back and collect non-compliance fees. You can recommend that your merchant become compliant in order to avoid future fees, but how do they do so? If your processor won’t help them, and your bank is not equipped to help them, your merchant will have to navigate the PCI process on their own—and we’ve already touched on how confusing that can be.

Now, put yourself in the merchant’s shoes. Would you want to continue doing business with the bank that got you into such a frustrating and expensive situation?


Less Time to Grow Your Portfolio

If your bank takes a more hands-on approach with merchants, it’s likely that they’ll call you with questions about PCI Compliance. This can waste an extensive amount of time. PCI Compliance is one of the biggest time wreckers in merchant services and will eat up valuable time that you could be spending growing your portfolio. Imagine walking through a two-hour-long quiz with every single one of your merchants, every single year.

If no one is available to help your merchant, they may turn to the internet, which is full of misinformation. These merchants may complete the questionnaire without a full understanding of the standards or just remain non-compliant. This leaves them vulnerable to a data breach. And if you think PCI is time-consuming and expensive, talking a merchant through the action steps required after a breach is even more so.

Your merchant will need to identify the cause of the breach, and the card brands will require them to become PCI Compliant or stop processing cards altogether. Then, they will need to inform law enforcement and ALL impacted customers. That merchant will need the support of your bank throughout this entire process. And that will take a tremendous amount of time and resources.


Final Thoughts

For any business that accepts credit or debit cards, PCI Compliance is unavoidable. But it doesn’t have to be something you and your merchants dread each year. The annual questionnaire should be viewed as an opportunity to deliver a great customer experience to your merchants every year.

At BASYS, we value your merchants’ time and security. That’s why we have an in-house team of dedicated specialists to proactively call your merchants and help them through the entire process of achieving and maintaining PCI Compliance. No expensive 3rd parties. No surprise fees. Just a helping hand to make sure your merchants are processing as safely as possible.

BASYS Processing as a business partner 

If your processor isn’t delivering strategies to help grow your program and personal service to your customers, please call BASYS Processing at (800) 386-0711. Let’s talk about creating a business partnership that will help you meet and exceed your goals. 

BASYS Processing features: 

• A friendly, live voice will answer the phone when you or your customers call; no automated phone systems.
• In-house PCI Compliance team to walk your customers through the process step-by-step, improving security and reducing costs.
• Thorough Market Analysis followed by mutual plans and goals to grow your portfolio.
• In-depth initial training and ongoing bootcamp training for bank staff.
• A full suite of turnkey marketing assets that can be customized with your bank branding. 

About BASYS Processing 

BASYS Processing provides credit card and debit card processing services, plus solutions that include terminals, virtual terminals, e-commerce, mobile, and point-of-sale, customized to fit any need.  Banks, associations, and software partners depend on us to strengthen their reputations and relationships with their customers by providing remarkable service paired with ultimate flexibility and pricing. Merchants depend on us to make accepting credit cards and debit cards convenient, safe and affordable. BASYS was founded in 2002 on one philosophy: to take care of our merchants, partners, and employees so they never want to leave. We are dedicated to working one-on-one with our customers to design the perfect solution. BASYS is Personal Payment Processing. 
