Nearly 22 million businesses have merchant accounts that accept credit cards and are therefore subject to the PCI Data Security Standard. Offering PCI compliance services to clients and prospects that process, store or transmit credit card information is a tremendous opportunity for MSPs. Currently, 92% of attacks target small businesses with low processing volume. Small businesses are prime targets for data thieves because many apply laxer security standards to cardholder data than larger corporations such as Target and Hilton Hotels, two companies that nonetheless suffered severe data breaches!

The business fallout from a security breach is severe. If hit, your clients could incur fines, penalties and lost sales, and could even face the risk of going out of business. How can you stay ahead of the curve and help them avoid a tarnished image and business-crippling costs? For one, you can offer PCI compliance risk assessments to ensure that liable customers stay safe and abide by the security regulations.

Every card brand has slightly different compliance requirements. Running separate reports for brands like American Express, Visa, MasterCard, etc. can be very time-consuming and requires a robust process that won't miss or mix up any regulation. Neglecting to monitor these standards, however, leaves your clients at risk. Using the PCI module from RapidFire Tools, you can streamline this process, generate comprehensive PCI compliance reports and brand them as your own. You don't have to leave your clients' data security to chance!

The PCI module first runs an initial data collection process, then a CDE (Cardholder Data Environment) deep scan, gathers secondary data and collects documented exceptions. The reports show you whether clients are compliant and list the issues they need to remediate to become compliant. MSPs who leverage the PCI module can run these reports, collect new intelligence to share with prospects and clients, and grow their businesses by offering any of these three main revenue-generating business models:

1. PCI Assessment Services

Choose this model if you are looking to:

  • Grow your book of business
  • Strengthen your sales funnel
  • Attract more prospects 

This business model centers on using the PCI module as a sales enablement tool in direct mail or email campaigns that target a list of your dream clients. In your mailing, offer a free PCI compliance risk assessment to the first fifty recipients who contact you. Alternatively, run a special promotion for a week and offer these risk assessments at a discounted price. Any combination of the two approaches works to attract new business. Once people sign up, you can use the PCI module to run CDE scans and perform PCI pre-audit services. The insight gleaned from these reports will help you position yourself as a trusted business advisor, helping you close prospects and upsell clients later in the sales funnel.

2. PCI Remediation Services 

Choose this model if you are looking to: 

  • Onboard prospects faster
  • Impress new customers
  • Build trust with current customers 

Offering PCI remediation services is the next step in selling prospects on your managed IT services solution, or in continuing to strengthen relationships with top clients. Using the PCI module, you can document and prioritize the issues your prospects or customers must remediate in order to correct PCI-related security weaknesses. Running risk assessments alone won't keep your clients PCI-compliant: once the issues that need addressing are detected, somebody has to remediate them. Take your IT service one step further by offering to do the job for them! Because businesses depend on your knowledge and expertise to fix such compliance weaknesses, you can charge an additional fee for remediation services.

3. PCI Compliance Services 

Choose this model if you are looking to: 

  • Develop a stronger relationship with customers 
  • Bill more recurring revenue 
  • Focus on cross/up sell efforts 

You can use PCI compliance services to prospect, but you also want to sell them as an additional service to all of your current clients who are subject to these regulations. Like remote monitoring and management (RMM) and backup and disaster recovery (BDR) services, PCI compliance is yet another source of recurring revenue.

Consider introducing the conversation at your next quarterly business review (QBR). If you're not holding QBRs, you really should be. Regularly visiting your clients and getting to know them and their business needs better helps you build those relationships and identify upsell and cross-sell opportunities. With the PCI module, you get a pre-scan questionnaire you can review with clients to learn more about their environments. Depending on their answers, there may be an opportunity to sell them PCI compliance services. For clients you've already discovered need these services, run an assessment and print out the reports that point out problem areas in need of remediation. These findings serve as proof that they are not compliant, thus increasing their demand for your additional support. Cross-selling and upselling clients on PCI compliance services adds to recurring revenue and, little by little, increases your stickiness as your customers' sole IT provider.

The Next Big Thing for MSPs - PCI Compliance Webinar

Last week, we co-hosted a webinar with RapidFire Tools to bring MSPs up to speed on the market for PCI risk assessment and compliance services. The webinar introduced the PCI Data Security Standard, the challenges SMBs face in remaining compliant, and the different reports you can use to generate additional recurring revenue. Watch the webinar by clicking below!