Mark Dunn
January 26, 2023

Protecting Personal Information or PI is a Highly Profitable Service.  

As you know, PCI has been with us for more than 15 years, and it’s driven by the card brands and industry-based standards. ISOs have made a lot of money off PCI, but the game of data compliance has gotten a lot bigger and it’s really in need of a refresh.

What we’re talking about here is a major enhancement of your current PCI program into a comprehensive, regulation-mandated program for Personal Information.

Protections for Personal Information are mandated by Federal, state and international regulations. To address the compliance needs of businesses, ISOs need a better package of upscaled services.

I like to say that PCI was just the first quarter of a four-quarter game.  That’s because credit card information is just a subset of all the personal information a business can collect on a consumer.

PCI created multiple revenue streams for ISOs:

  • Data security fees
  • PCI compliance fees
  • PCI non-compliance fees

And as you know, PCI turned into a real money maker, as most of these fees went straight to the bottom line for ISOs.

But PCI compliance alone doesn’t really deliver what the merchant is mandated to have.

Here’s why:

  • PCI only covers credit card data.
  • It doesn’t address the vast array of Federal, state and international PI data compliance regulations.
  • It doesn’t ask the business about any other types of PI data they may collect or store.
  • It doesn’t provide the merchant with a reporting process in case there is a breach.
  • And PCI only tests one time per year.

Let’s face the truth here: the PCI fees net the merchant very little by themselves. PCI covers only a small fraction of the total data compliance picture.

But now there’s an even greater opportunity, because PI, personal information, replaces PCI.  This is an area where you can get ahead of your competitors.

PI is an expanding umbrella of mandated rules and regulations that cover every aspect of data from customers, employees, vendors and so forth. It includes both electronic and physical financial data. In fact, it includes over 100 different data records: the ones we’re already aware of, such as Social Security numbers and credit card info, but also facial recognition, health records, and many more. So it’s not just merchants that need data compliance; it’s every type of business.

Businesses of all types face increasing exposure and greater liability because of mandatory compliance requirements at all levels: international, Federal and state laws.

And with that comes increasing exposure to fines and very bad publicity.  

That’s why we say that the path to PI preparation and protection is paved with revenues.

Plus, you boost your merchant retention because you have the business’ data compliance records.

What we’re talking about here is taking something you’re already doing and updating it into a reformulated, strong bundle of services around Personal Information.  This means you don’t have to create anything new.  You just need to enhance what you’re doing now.

It includes an analysis that will identify areas where the merchant will need to comply and take them through a certification.

It includes Data Breach Support and access to CSR’s Certified Privacy Experts to determine if a security breach meets the threshold to report to any state or federal agencies and if customer notification is required.

It includes a monthly scan of their ecommerce sites for updates that need to be implemented along with a monthly report.

This proven program is utilized today by over 150 global resellers and well in excess of 250,000 SMB merchants.

So what does this mean for you?

For you, this means you can earn more revenue without having to invest money or time. But you need the right proven tools and methods, and you need to implement the program to get your share and lock your merchants into a “sticky” program.

PI, like PCI before it, opens up the opportunity for you to enroll your merchants in a mandatory data compliance plan. We’re recommending you upgrade your current PCI program into a highly valuable bundle of data compliance services. The advantage here is that you have a very strong multi-part program that replaces a single-element program.

Every merchant in your portfolio has a duty to protect and not misuse PI data.  Most of them don’t know much about the 300 data privacy regulations that they are subject to.  If they’re shown to have failed relative to this data, it will have ramifications for you, the ISO, your acquirer and the card brands.

So let me introduce you to the company that puts you and your merchants back in control.  CSR Privacy Solutions, Inc. is more than 20 years old and has a network of 150 global resellers.  CSR provides services to more than 100,000 small businesses around the world, including USA, Canada, the EU and Australia.

Over the last 20 years CSR has developed certifications and expertise in all types of data privacy and protection.  

There are three primary CSR services in this bundle:

  • Privacy Assessment
  • Threat Scanning
  • Data Breach Support

All of these together take away all of the pain of data security compliance.

CSR reduces liability and risk through Privacy Assessment by getting the merchant prepared to comply with data regulations, assisting them to put best practices in place and providing ongoing education.

And if there ever is a breach, Data Breach Support does the necessary analysis of the breach, determines what course of action needs to be carried through, goes through required reporting, and creates a summary report of actions.

Threat Scanning protects the merchant by scanning the merchant’s website and apps, reviewing the results, reporting on them and doing another scan every month.

This CSR package is the complete bundle of services for the merchant.  Plus the scans provide monthly feedback on results, which show the merchant that CSR is always on the job.
