E-Complish Sees Shift to Outsourcing of PCI Compliance as DSS 3.2 Standards Become Mandatory

The True Cost of Credit Card Fraud

Financial Servicing Companies Are Seeing the Value of Outsourcing Payment Processing Due to PCI Compliance Costs and Complexities

Payments solutions provider E-Complish has recognized that because of the increasing complexity of PCI compliance and increasing costs of implementing and maintaining that status, businesses involved in any form of financial servicing are seeing, more and more, the value of outsourced payments processing.

E-Complish CEO Stephen Price says, “PCI Compliance is expected, not merely required. Companies are finding themselves caught in a proverbial catch-22 of business success versus compliance, with compliance becoming more and more expensive to maintain. Smart companies are outsourcing their payment acceptance and processing to Level 1 PCI Compliant Service Providers, like E-Complish, and reaping the benefits of security, cost-savings and more importantly, decreased liability while maintaining their business success.”

Geoff Forsyth, CTO at PCI Pal, adds, “To be PCI compliant is a constant process. The annual assessment has, to date, only been able to check that the correct processes are in place. PCI DSS 3.2 will change that approach.”

PCI DSS 3.2 is the strictest credit card and web payments standard ever drawn up, and all of its compliance items became mandatory as of February 1st of this year. Maintaining PCI compliance is becoming so complex and costly that it seems ever more likely that only payments solutions specialists can hope to keep up with the standards and expenses involved.

Even the mere tip of the iceberg is complicated. All personnel involved in payments at any level must have clearly defined security responsibilities. The secure handling and storage of cardholder data must be intensely micromanaged, and a written agreement must state that payment service providers are responsible for that security. Protocols and due diligence for interacting with payment service providers must be in place and strictly defined in writing. Annual, or even more frequent, monitoring of PCI compliance is demanded, and quarterly (or more frequent) self-reviews, with documentation showing that personnel are following compliance procedures, have to be filed.

Compliance is very expensive as ever-evolving software applications, ongoing education, and well-paid staffers need to be employed. But the cost of non-compliance is even steeper. Any non-compliant financial servicing company could be faced with a litany of fines and other high costs.

Customers and credit card issuers would have to be fully reimbursed for any costs to them related to their being defrauded. Investigations into what caused, and what allowed, the fraudulent activity would need to be opened and paid for. New technology intended to prevent a recurrence would be demanded. Outraged customers would stop using the service provider and be likely to harm the provider’s image and reputation via word of mouth and social media. The provider would most likely be sued. Does all of this sound familiar?

“In my honest opinion, the concept of outsourcing payment liability is a no-brainer. I mean, why not? If I am on the other side of the fence and I have the opportunity to shift my payment security liability, and it is cheaper and better than if we did it in-house, then why not? Count me in,” Price says.

Press Contact:

Marc Hopkins

888-847-7744, ext. 205

mhopkins@e-complish.com

Source: E-Complish, Inc.
