Secure Payments, PCI DSS, Regulatory Compliance Blog

Vendor Wishlist for 2008

December 24th, 2007 by admin Posted in Vendors

(This is republished from our December 2007 newsletter. To read each issue as it is released, be sure to subscribe or check it out online.)

In 2007, compliance was the name of the game, and every other vendor claimed its product would comply with just about everything, including the building codes for installing a kitchen sink. As 2008 approaches we find the term “GRC” popping up as companies try to tie together Governance, Risk and Compliance for a trifecta of sales terms. Instead of more branding and marketing, a movement is growing that calls for product vendors to educate their customers about their product and about the specific issues that merchants or service providers face. Here’s a short wish list for product vendors in 2008.

  1. Educate me! Having a logo that says your product makes me compliant is nice, but it’s no longer a differentiating factor. I need to choose between 10 vendors that all claim the same thing. I also need to make sure I’m choosing a product that will solve our problem and not get me fired for implementing it. What I want as a consumer is for my vendor to know more about my compliance issues than I do. I want their web site and marketing materials to educate me about the issues I know and those I have yet to encounter.
  2. Never over-commit and under-deliver! I don’t care if your product cannot bake me bread in the morning; I just want to know what its true capabilities are so I can make educated comparisons. Maybe your product complements another I already have, but I won’t know that if you tell me it solves all the world’s problems. I would hope vendors in 2008 have a crystal-clear message about specifically what their product can and cannot do. This requires my vendor to understand the compliance and risk areas first (see above).
  3. Define the space you support! Nothing makes me feel better about choosing a vendor, and knowing they will be around, than seeing them define the space they support. I want my vendors to be the movers and shakers who define the standard and explore uncharted waters. I want my vendor to own the conversation surrounding their product space and talk to me about it.
  4. Be connected! Especially with new vendors, I need to know they are connected to and supported by people I know and trust. Word of mouth is stronger now than ever, and I will make decisions based on the words and recommendations of those I know and trust. I want my vendor to connect and collaborate with others I know, so my decision is grounded and secure.
One Response to “Vendor Wishlist for 2008”

By Jeff Hall on Dec 30, 2007

    I would add that vendors should be forthcoming about their product’s compliance. We are seeing too many vendors relying on the fact that they have PABP certification and therefore that’s all they have to say.

    What we are ultimately finding out without the vendor’s assistance is that while a product is PABP compliant, the product for example stores the PAN encrypted or hashed and that the merchant needs to implement appropriate controls to ensure they are PCI DSS compliant.

    Vendors need to understand that PABP compliance does NOT automatically guarantee that a product, once implemented by a merchant, is PCI DSS compliant.
