Guest Column | January 20, 2022

Rise In Payment Protection Concerns Creates New MRR Opportunities For MSPs

By Ryan Goodman, President, ConnectBooster

Payment Security

The pandemic-driven shift to WFH and remote workplaces has presented new challenges and opportunities to the business community and MSPs. As part of this shift, the demand for online options is rapidly growing due to ongoing cloud and mobile transformations as well as the consumer shift toward web-based purchases of goods and services. With approximately $2 billion in mobile transactions processed in 2020 (up 22% from 2019), people’s confidence in online payments is clearly flourishing. 

Another factor is the declining use of cash. Many merchants no longer accept paper currency or change due to coin shortages, and with our younger generations preferring digital payment and credit cards, the shift toward electronic-based transactions will likely continue to gain speed. The U.S. Treasury Department has been encouraging the use of digital payment options for years to help reduce currency production costs and speed global transactions. Consumer preferences will only feed those efforts.

Of course, as with any prevalent trend, cybercriminals also have taken notice. The risks of payment data breaches are intensifying, with nearly 75% of businesses targeted by attacks last year, according to a recent survey by the Association of Financial Professionals. The sheer volume and size of these transactions have created a target-rich environment for hackers and ransomware purveyors.

MSPs can play a more active role in assessing and neutralizing these threats, and not just for their clients. IT services firms also make perfect targets, so implementing solutions that lessen the potential liability is not only a great step in self-preservation but an opportunity to grow MRR with a new customer-focused offering.

MSPs Lead With Cybersecurity 

Cash used to be king, but today, payment-related data is the new gold standard for cybercriminals. They can quickly and easily convert that information into cash or use it to acquire resalable goods or services. While conversations in the IT industry focus on MSPs’ networks being the “keys to the kingdom,” credit and banking data remain the low-hanging fruit that most cybercriminals treasure and regularly target.

The good news for IT professionals is that virtually every technology-based problem has a solution they can deliver. Payment security concerns are not a new concept to businesses and should be considered a natural extension of MSPs’ data protection practices. However, for many providers, this hasn’t always been the case.

Payment processing has often been pigeonholed in the specialized support category, much like telephone equipment, multi-function printers, and video surveillance and security solutions. In most cases, IT services professionals did their thing and other firms handled those areas and only intersected when there was a problem with computer settings, network configurations, or security. Cloud and technology advances have blurred those lines.

In today’s virtual world, with VoIP and other IP-enabled options, MSPs can virtually do it all with little, if any, outside help. Those capabilities are critically important with the rise of ransomware and highly sophisticated cybercriminal syndicates, and the incremental revenue from each new opportunity helps pad providers’ bottom lines. The breadth and complexity of the risks associated with online payments deserve the MSP community's attention, advanced skills, and resources. Payment security might not be in your current stack alongside other cybersecurity offerings — but now is an opportunity to dig deeper into this vital need.

Take Ownership Of The Problem (And Opportunity)

Businesses often assume their IT services partners cover everything that goes through the internet. Unfortunately, payment processing systems are not always the responsibility of the MSP — especially when third parties are involved. There has long been a disconnect between security technology providers, payment processing providers, and the businesses that use the payment products. As that last-mile support company, MSPs usually get the blame for anything not covered by others.

Payment security, at first glance, seems outside the traditional scope of MSP cybersecurity offerings. Because SMBs already believe it’s within range, IT providers should capitalize on that perception. IT services firms can offer tremendous value by leveraging their own expertise and the expertise of their partners to bring better risk reduction to the areas where payments and security overlap.

Add Payment Security To The Portfolio

Companies are typically willing to invest in cost-effective solutions that address newly discovered vulnerabilities. Bringing those issues to the forefront is the first step in the process. Proactively identifying payment environment weaknesses and promoting a secure payment platform that addresses clients’ needs and concerns fills an important gap and simultaneously drives valuable new MRR for MSPs.

For example, Secure Payments by ConnectBooster creates a profitable and unique proposition for the IT services community. With a simple assessment based on PCI DSS best practices and other standards provided by Secure Payments, MSPs can quickly evaluate and address the security, compliance, and optimization of their clients’ payment landscapes and offer a solution.

Strengthening the payment landscape helps protect customer credit and banking data. Many companies end up storing some, if not all, of that valuable information in less-than-optimal systems with no consideration for PCI compliance standards. Eighty-eight percent of SMBs were found to have unencrypted payment information stored in their environments. That data is a prime target for theft, ransomware, and other cyberattacks. Secure Payments gives MSPs the tools to avoid these situations and effectively guide customers to reduce their cyber liabilities and compliance issues.

Implementing technologies such as point-to-point encryption, tokenization, EMV chip acceptance, PCI DSS Compliance, and other methods for protecting PII (Personal Identifiable Information) helps make this possible.

Start managing the growing payment threat environment for your clients and create a new specialization and revenue source for your IT business.

About The Author

Ryan Goodman is President at ConnectBooster.