An Interview with Sean Fuery, Director, Business Development
Why do merchants say they’re compliant, even when they’re not?
Most vendors in the merchant security industry offer a technology that gives a merchant the opportunity to go online, register, find out how they’re handling card data, fill out the proper PCI Self-Assessment
Questionnaire (SAQ) and if necessary, schedule a scan. What that technology doesn’t take into account is the fact that most merchants just don’t understand the surrounding complexities of PCI. They don’t understand how their card handling practices impact which SAQ they fill out, or whether or not their business must be scanned. In most cases, regardless of the security vendor they’re using, a merchant will begin filling out the SAQ and get to a point where they don’t understand what they’re reading. They can’t give an informed answer because they don’t have the technological expertise.
How does SecurityMetrics remedy merchant PCI confusion?
Our phone representatives take those merchants by the hand and explain what the SAQ questions mean in layman’s terms and how those questions apply to their business. We make sure they understand what their business’ handling practices should be based on the SAQ criteria.
When is a portfolio on the right track?
It’s not enough to get a merchant enrolled in a PCI program. Our ultimate goal is to validate their PCI compliance. The current industry average for PCI penetration within any given portfolio is between 10 and 20 percent. Quite honestly, we consider anything under 50 percent a catastrophic failure. We want a merchant to successfully become PCI compliant because a merchant that fills out an SAQ and passes a scan is going to be less of a target to a hacker. Hackers go after easy targets. Our merchants aren’t easy targets.
What is the secret to merchant portfolio success?
90% compliance. We have partners who have achieved this goal. We honor and support the PCI council in the SAQ questions they have offered; we just make it easier for merchants to understand. The PCI council has set the bar high to ensure merchants are safe. We feel it is our job to help merchants over the bar.