Independent sales organizations that choose to offer their merchant clients data security from third-party vendors should evaluate closely which vendors best match their needs, observers note. ISOs create a "deadly combo" if they force merchants to pay for a service and then give them a vendor that does not provide value, says Doug Klotnia, general manager of the compliance division at Trustwave, a Chicago-based payment-security company. "You made the merchant do something, did not give them a choice and gave them a subpar vendor. It is not a good situation," he says. Some ISOs resell security services from third-party vendors to help their merchants comply with the Payment Card Industry data-security standards. ISOs typically charge merchants for such services, but the fees vary by company. Working with a vendor often is the best choice for small ISOs because they do not have the resources to staff a help desk or call center to handle merchants' security questions, says Joan Herbig, CEO of ControlScan Inc., an Atlanta-based provider of PCI compliance and security products for small and midsize merchants. Avid Payments began searching for a security vendor by looking at their reputations in the industry and at what they could provide merchants, says Valissa Kelly, vice president of sales and operations at the Birmingham, Mich.-based ISO. It was important for the ISO to find a vendor that could "provide everything our merchants possibly could need" and allow Kelly and her team to focus on sales and client service, she says.

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry