In an effort to make the technical aspects of credit card security compliance easier for its small-business customers, Century Payments Inc. will put Trustwave fraud-protection programs in place within three months, the company said Sept. 7.
The Frisco, Texas-based payment processing company says Trustwave, a Chicago-based data security and compliance service provider, will provide its TrustKeeper website portal to help small-business merchants assess Payment Card Industry Data Security Standard compliance.
Because a high percentage of Century Payment’s 24,000 small-business merchants use integrated payment systems potentially vulnerable to hackers, Trustwave’s software programs and self-assessment process will help merchants grasp the various levels of card data security needed, Christopher Justice, Century Payments CEO, tells PaymentsSource.
“Our clients are primarily retailers and restaurants, and the brick-and-mortar world is far more ripe for data breaches than online retail because the criminals go after the card-present data,” Justice says.
TrustKeeper features PCI Wizard, a software program designed to simplify PCI-DSS compliance self-assessment, Doug Klotina, executive vice president of payment services and channel partners at Trustwave, tells PaymentsSource.
PCI Wizard includes a step-by-step guide for the customer to evaluate PCI status and potential vulnerability, Klotina explains. “It’s very logical and non-technical, mostly asking questions about the business, allowing the merchant to check his practices against the standards, while spelling out areas of non-compliance.”
Justice agrees TrustKeeper and PCI Wizard can simplify the self-assessment process, but notes that his clients often struggle with linking various technologies to payments and data security systems.
But the self-assessment process tends to reveal to merchants that the more security measures, the better, Justice says.
“(Small businesses owners) have to understand that there are a number of layers and stages to protect,” Justice says. “(Not having layers of network protection) is like putting a bank vault in a parking lot, unprotected. Eventually, someone is going to figure out how to get past the layers of protection and break in.”
Smaller businesses can represent “easy pickings” for stealing card data for criminals, making an arrangement for more security tools vital for those merchants, one industry analyst contends.
“The best practice that Level 4 merchants (small businesses generally processing less than 1 million Visa transactions, or less than 20,000 online transactions annually) don’t usually think of is that you have to have sensitive data stored in a secure place and it should be encrypted in storage,” Julie Conroy McNelley, a senior risk and fraud analyst with Boston-based Aite Consulting Group, tells PaymentsSource.
What do you think about this? Send us your feedback.
