President’s Note | Transparency


There’s a disturbing trend beginning to develop in the marketplace – technology resellers and vendors are being targeted as the “bad guy” in the eyes of the customer base. In July, an article titled “Retailers Need to Protect Themselves from Lying Vendors” appeared in Storefront Backtalk. Also in July, a reseller member shared an email from a customer telling them not to contact them with any more PCI updates because it was only a way for them to make money off the retailer.

The vast majority of retail technology providers are doing the right thing for their customers. However, some are not, which provides the fuel for those articles and perceptions. The author of the article in Storefront Backtalk works for a forensic auditor. I called him about his article and he related several horror stories of poor communications with customers and a lack of understanding of the PCI standard. In one example, a customer purchased a system that used a token for payment processing because they were told it would eliminate their need to worry about PCI compliance. When the forensic auditor asked the technology provider how this worked and how it eliminated the need for PCI compliance, a viable answer was not provided, and ultimately the customer had to upgrade a second time to be PCI compliant.

RSPA’s PCI education should help with the knowledge, but good, transparent communication with your customers is the critical element. Become your customers’ trusted advisor rather than the “bad guy”. Make sure you understand the PCI issue and the offerings in your products that address it. The responsibility for compliance clearly lies with the end user, or “merchant”. We will be doing our part at RSPA to help change that perception. However, you can start to change the market perception by helping your customers understand their responsibilities. Clearly and transparently define all options and costs for their retail technology, administration and ongoing support.

Take a few minutes to watch “Are You At Risk?” – RSPA’s Project: PCI Video. Project PCI is RSPA’s outreach program to help educate and provide direction to our members about Payment Card Industry Security Compliance. RSPA offers information on a wide range of topics concerning PCI Compliance.

2 Comments
  1. 2010/10/22 12:40 pm

    Comment from Rick Street via LinkedIn:

    “We see an increase in our role to “front” the retailer from vendors. We’re asked to define needs and shortlist, then qualify vendors directly.”

  2. 2010/10/22 12:42 pm

    Comment from David Reuland via RSPA’s LinkedIn Group:

    “The Storefront article addresses the misrepresentations about how a product does/does not support a retailer’s overall PCI compliance needs. The tone is harsh, but the topic is valid. We should all be trained by now to say that PCI compliance is the retailer’s responsibility and not pretend that anything that we offer is the silver bullet. Picture yourself in front of a judge with a retailer saying “I did not know, my VAR told me…….” and you are the expert in the field trying to then say it was their job, not yours. The sympathy won’t be with you!

    To the 2nd point, we have taken a more active stance to talk about updates and other things that will cost money BEFORE we ask them to do it (plant the seed). Many businesses are tight for cash, so they are rightly challenging all expenses. You can grease the skids for the future request to sell upgrades/services/etc if you explain it now. However, if you use PCI requirements like a hammer to sell to your existing base, they’ll resent it!”
