A Merchant Portfolio Authority (MPA) can be an Acquiring Bank or an eMoney Institution, a Payment Service Provider (PSP), Franchiser, Large Merchant, Payment Processor, Master Merchant or any kind of entity that is responsible for the PCI DSS compliance of a Merchants Portfolio.


MPAs' clients are Merchants, Vendors, Traders or, more generically, a legal entity that drives a commercial activity and handles cardholder data, or lets their customers purchase services and products through a payment card. Merchants are required to comply with PCI DSS in order to protect their customers data, and MPAs are responsible to monitor that all tasks are completed by their portfolio to be compliant.

Acquiring Banks and other institutions risk to receive big fines in case their merchants portfolio is not compliant with the PCI Compliance standard, or in other words, in case they cannot guarantee the protection that the customers and payment data of their Merchants deserves. This is a big problem for them because their merchants portfolio is the real cause of those fines, and getting each one of them ready to independently manage their compliance is not a piece of cake.

Merchants are many, they have their own priorities and no technical knowledge to understand PCI DSS.

Merchants have limited budgets and they need to have a good reason or see a return if they have to invest money in a portal that could help them manage their compliance. This is why it’s important to support them with the right solutions.

By introducing PCI DSS Management solutions, Merchant Portfolio Authorities face big investments. They have to put in a lot of time and resources, create call centres to support their Merchants, deal with their own sales department who might claim those portals prevent sales because they make Merchants’ lives complicated, they are forced to create internal & external awareness programmes.

This all means a huge cost increase but it doesn’t necessarily reflect into a larger enrolment of Merchants and a consequent growth in the number of compliant entities.

Merchant Portfolio Authorities need a SaaS developed by security experts and thought for the end user.

A PCI DSS Management portal is a great way to support Merchants to achieve, monitor and maintain PCI DSS Compliance because it standardizes operations and allows Merchant Portfolio Authorities to control the status of each Merchant’s compliance.

If you are an MPA, you surely understand the need such a solution, something easy to use and cost effective. Something able to provide many features that will make the life of the end users better while ensuring a full control of the whole Marchant Portfolio.

Imagine a solution that could help you and your Merchants with key tasks.

  • Group your Merchants in hierarchies and segments. This will reduce complexity by making it easier to manage your Merchants Portfolio and their tasks.
  • Communicate with your Merchants Portfolio. Whether it is news, training, alerts, offers or simple reminders, you can reach your merchants at the touch of a button.
  • Maximize your revenue by keeping costs down. Adopt an intuitive and cost-effective solution developed in collaboration with Cognitive Scientists.
  • Run, download and share reports with others. Allow your Merchants to report their PCI DSS Compliance to more than one acquirer or processor at the same time.
  • Generate reports for Card Brands instantaneously. Make sure that Card Brands can stay updated about the status of your Merchant Portfolio's PCI Compliance.
Igor Mancini

Written by Igor Mancini

Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.

My intention is to discuss IT Security related topics with the eyes of a non technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.