PCI DSS Benefits

Published by Josip Povreslo on 05. January, 2023

Over the years, PCI DSS has always been a hot topic in discussions with our clients. Since compliance with the standard is often complex and pricey, part of the discussion is also: why would you need it? Here we will try to give a few examples of why becoming compliant could be a good idea for your business.

Use your own tokenization

  • Switching to other acquirers can be done instantly and dynamically. The switch doesn’t need to be pre-planned for months; it can be updated programmatically based on system availability and financial benefits.
  • If you don’t have this capability then switching to a different acquirer (due to service outage for example) requires you to re-initiate 3DS with all of the clients that you wanted to perform MIT/MOTO transactions with - this will often not be possible and will result in a loss of revenue for the merchant and the processor.
  • If you do have this capability you can switch to a different acquirer on the fly if the acquirer’s service becomes unstable or another acquirer provides better financial conditions.
  • The benefit of this is near 100% uptime & a much better negotiation position with the processors.

SUMMARY: higher uptimes, lower fees, better user experience, lower losses of subscription revenue.


Connect to acquirers without IPGs

  • Sooner or later you will get a good deal from a bank that is not really ready to accept e-commerce payments - those banks work with a family of financial protocols called ISO8583 - these protocols require you to store credit card data and require you to be PCI DSS compliant.
  • Once upon a time we worked in a company which provided IPG services to a well-known high-risk processing bank. What got them started was one PSP and one development team that had the capability to integrate an ISO8583-based VI/MC processor.
  • Additionally, the IPG service is often provided to the bank by a third party, which means that IPG-driven services typically have lower uptimes & higher fees.

SUMMARY: higher uptimes, lower fees, opens up new acquiring opportunities.


Connect to acquirers using direct APIs rather than through payment forms

  • Switching to other acquirers can be done instantly and without the need for the merchant to reintegrate if the merchant is using hosted payment fields, Android/iPhone SDKs and/or popular web shop plugins (Magento, WooCommerce, etc.).
  • A much better user experience - the client will not notice if the processor is changed / done over a certain IPG.
  • The hosted payment form is branded by your company.

SUMMARY: merchants that want to use webshop plugins, hosted payment fields or mobile SDKs can switch processors without internal development.


PAN-based transaction routing

  • Every PAN in the world has different interchange fees depending on the brand and card issuing program details (prepaid, business, personal, credit, debit). When the bank calculates fees, it needs to carefully study the structure of the volume it processes, calculate the average interchange fees over many different BINs and then provide a single easily understandable number - the fee amount - to the merchant.
  • This means that the bank, when providing competitive fees, will be at a loss when performing certain transactions.
  • The bank will be able to provide better fees if you are able to send the transactions which cause them a loss to a different bank that has better conditions.
  • Additionally, the bank may in theory be able to offer 0-amount fees if the bank is also the issuer of a given BIN - i.e. if you were to negotiate a deal with "Revolut", sending just "Revolut"-issued BINs to them would allow you to further reduce costs.


SUMMARY: lower - in some cases down to zero - fees


Airline and hotel industry processing

The airline and hotel industries both depend on “network providers” to bring traffic and payments - on one side we have IATA and on the other we have services such as booking.com that will send files and/or HTTP callbacks with clear card numbers.

If you want to be able to process those industries, then PCI DSS certification is the only way to go.

SUMMARY: to process airlines and hotels you need PCI DSS.


Other

Promotion schemes with Issuers and Networks

Bigger merchants will have direct deals with the credit card networks - offering discounts to them when a particular card type issued by particular entities is being used - you can provide this service only if you have PCI DSS.

