Press Release

ControlScan Launches Security Consulting Service that Helps ISOs and Acquirers Discover and Protect Merchants' PII

Risk, liability inherent to merchant application process drive need for greater organizational awareness

ATLANTA, Mar. 19, 2013 - Today's independent sales organizations (ISOs) and merchant acquirers strive to protect themselves and their merchants against hackers and data thieves. But with a payments industry focus on securing credit card data, many ISOs and acquirers could be inadvertently overlooking personally identifiable information (PII) residing within their business systems. This potentially hidden risk could become a real liability, should it involve compromised PII from the merchant applications they process and store.

ControlScan, an expert provider of payment security and compliance solutions, has enhanced its security consulting services offerings to include a new service that specifically addresses the underlying risk within the merchant application process. The applications merchants submit to ISOs and acquirers contain a significant amount and variety of PII, including full names, birth dates, driver's license numbers, account numbers, social security numbers, email addresses and more. In the wrong hands, this information can be used to commit individual or business identity fraud.

"ControlScan's qualified security assessors are recognized for helping ISO and acquirer organizations effectively identify and remediate security gaps related to electronic payment data," said Steve Robb, the company's senior vice president of products and services. "However, the standard 'PCI' conversation has recently grown to encompass PII in a broader sense, including sensitive merchant application data, because when unaddressed, it represents a substantial business threat."

The ControlScan Sensitive Merchant Data Assessment is designed to help ISOs and acquirers further improve their security posture and reduce the risk of data compromise by documenting the organizational flow of merchant PII and providing recommendations for its protection.

"Commercial identity theft is a real and growing threat. Proactively addressing the risk and liability inherent to the merchant application process helps ISOs and acquirers safeguard customer confidence and maintain a solid reputation with sponsor banks and card brands," said Robb.

ControlScan has published a risky PII data infographic highlighting the myriad locations sensitive merchant data could exist. ISOs and acquirers concerned with this issue can receive a complimentary Sensitive Merchant Application Data consultation by calling ControlScan at 1-800-825-3301, ext 4.

About ControlScan
Headquartered in Atlanta, ControlScan delivers unified security and compliance solutions that help small and mid-sized businesses secure sensitive data and comply with information security and privacy standards. We support business owners, franchisees and merchant service providers with technology, services and expertise for PCI DSS, HIPAA and EI3PA compliance; vulnerability detection and risk mitigation; POS, e-commerce and mobile security; and more. For more information, please visit or call 1-800-825-3301.