When it comes to handling client campaigns, many agencies do not consider adhering to payment card safety guidelines as part of their responsibility. However, Mark Stephens, Head of Sales, NetBenefit, believes that those that do can gain a real competitive advantage…
The very raison d’être of a digital agency is to provide the creative and technical expertise that many companies don’t have in-house. As well as offer services, their key function is as an advisor, who more often than not, takes a lead role in any online project.
Considering the trust that their clients put in them, it came as somewhat of a surprise to find that many digital agencies are ignoring the PCI Data Security Standard.
Following a series of focus groups and seminars run by NetBenefit in conjunction with Barclaycard & Visa we found that agencies do not feel that PCI compliance is their responsibility. This is not to say that they’re not security conscious, it’s simply that if their client doesn’t ask about PCI DSS then it’s not part of the conversation.
While it’s true that the merchant is ultimately responsible for becoming compliant, an agency’s decision to divest itself of responsibility and liability is a dangerous position to take. The worst case scenario is a situation were neither party takes ownership and the client’s business and brand is left unprotected from fraud. Eventually when a breach does occur both parties suffer as a consequence.
As PCI compliance becomes more established in the UK it is likely that it will be an important part of every conversation between client and agency. While essential, PCI DSS is quite complicated and clients will be looking to their suppliers for help dealing with it. Therefore any agency that actively includes PCI compliance as part of its sales pitch and makes it an essential element it of the planning process can set itself apart from its competition.
Today a company’s website is an extension of its brand. They therefore work hard to create a good experience that maintains loyalty. Michelle Tolmay security officer at ASOS acknowledged the threat to a brand when she spoke at our education day, Truths and Myths of PCI DSS, “With social media like it is, it’s very easy for people to air their grievances against a company and make them very public.”
Also according to ASOS, shoppers are more inclined to trust PCI compliant brands and therefore spend more money. A recent market survey found 40% of online shoppers said they would be happy to spend 20% more for products on sites that were PCI compliant. “We have already had a number of high profile hacking stories this year, which can only lead to greater consumer concern. Any agency that can offer a PCI specialism is likely to be more attractive to merchants than those that don’t”, says Michelle Tolmay.
Therefore any agency that can demonstrate any measures towards protecting a brand online puts themselves at a competitive advantage against rivals who continue to see compliance as out of their remit.
A third advantage is that merchants find PCI DSS a real burden because it’s challenging to fully grasp the processes and technology required to achieve compliance. An agency that can offer guidance and help to deliver an online shop in accordance with the standard from the initial planning stage can really go a long way to alleviating the migraine that many merchants feel when faced with the demands of compliance. Also, once they have developed the specialism they can get endorsed by Visa as a service provider on the www.visamerchantagents.com website. This is a very powerful statement when going up against other competitors in a pitch.
Therefore offering guidance on PCI compliance and including it as part of the design and build of a merchant’s web presence will increase an agency’s value though the long-term protection of the client’s brand and by greatly reducing the risk of them being a victim of fraud.
We therefore believe that having a good understanding of PCI compliance, an agency can demonstrate a clear differentiator between themselves and their competitors.
By Mark Stephens
Head of Sales
NetBenefit
http://www.netbenefit.com/