Independent sales organizations now may offer merchants a security package that combines breach protection, consulting services and software that scans computers for unprotected card data.
The bundled product, called SecurityMetrics Assurance, became available to ISOs this week, says Brad Caldwell, CEO of SecurityMetrics Inc., the Orem, Utah-based payments security vendor that offers the package.
Breach protection included in the package covers costs associated with data theft for up to $100,000 per incident, double the usual amount that security vendors offer to ISOs, Caldwell tells PaymentsSource.
The protection reduces risk for ISOs because they become liable if breached merchants go out of business or can’t pay the costs associated with the breach.
The product’s accompanying PANscan software makes breaches less likely by searching merchants’ systems for unencrypted card and track data, both of which can lure hackers looking to steal information, he says.
During tests, the software turned up “significant amount of unencrypted software” on 71% of the merchants’ systems, Caldwell notes.
SecurityMetrics worked “many months” producing the software, trying hard to eliminate false positives that can sour merchants on security safeguards, he says.
Merchants may download the software themselves, Caldwell says, adding that the software searches quickly and does not require much of the system’s resources.
SecurityMetric’s support desk can help merchants lacking technical savvy to download the software, he says.
Moreover, the product comes with one hour of free consulting with the company’s security specialists, Caldwell says.
The bundled product fits several situations, in Caldwell’s view.
ISOs reluctant to get involved with the Payment Card Industry data security standards could use the product as an alternative means of pursuing security. And those with merchants still unready for the rigors of complying with PCI could use it as a “preparatory” approach to getting started with standards certification, he says.
Even ISOs with PCI programs in place could use the product for added security.
SecurityMetrics is making the product available to ISOs that work with other security vendors on PCI compliance.
Bundling breach protection services this way makes sense, says Todd Ablowitz, president of Double Diamond Group LLC, a Centennial, Colo.-based consulting firm. The product helps differentiate SecurityMetrics in a well-established market, he adds.
“When you see a number of competitors in a market that is well-defined and consistent, ISOs are going to shop around and competitors are looking for a way to stand out,” Ablowitz says.
What do you think about this? Send us your feedback.
