Security
Simplifying the SAQ for SMEs by Chris Nation
Monday 26 March 2012

Modern forms of communication such as broadband benefit SME merchants by reducing costs and speeding up processing, but they need to be compliant and are by their nature technically more complex than legacy dial-up lines. For example, a merchant using dial-up who does not hold card data currently needs to attest accurately to 27 questions and thereafter continue to meet those obligations for as long as they wish to accept cards. This inflates to 100-plus questions, many technical in nature, when the same merchant moves from dial-up to an IP environment such as broadband. This raises a number of challenges and dissuades the merchant from making the transition to more modern forms of communication, so they miss the opportunity to improve the purchasing experience and reduce cost within their business.

The current Self Assessment Questionnaire (SAQ) audit process for SME merchants also exacerbates the challenges they face with PCI by encouraging a checkbox approach to compliance without any knowledge as to the accuracy of what is being attested to. The industry has attempted to address this by creating online compliance portals where the merchant can attest electronically rather than by completing paper-based forms of the SAQ. Unfortunately, in most cases this does not prevent the merchant from again attesting yes when in fact no rigorous procedures or processes actually exist, whether by accident or intent. Even when supported by a remote scan of the merchant’s systems, this only validates those systems at a specific point in time, not 24/7, 365 days a year. The appropriate approach is to provide the merchant with an intelligent portal which can take information from a variety of solutions from PCI DSS certified vendors and automatically populate the SAQ on behalf of the merchant. Furthermore, the information should be shared in a compliant manner with trusted parties such as acquiring banks, who have an obligation to manage and report risk.

Chris is Commercial Manager for Europe at Mako Networks Ltd, having rejoined the company in 2010. He heads up sales of Mako’s PCI DSS Level 1 certified service, which protects and enforces card-present payments over public broadband.

Copyright © 2024 SkyParlour Limited
Registered in England and Wales, Company Registration Number 07009362
Our Cookie Policy can be found here
Site design by Dan Yuen at Contains Graphic Images