July 8, 2020 • Published by Matt Loos
Payment Security • PCI Compliance • Risk Management
There is a fine line being walked in the merchant acquiring and payments space. As both the primary players and the smaller providers know, merchants’ security threat landscape continues to shift and expand at a rapid pace. Guiding merchants down the path of implementing security protocols to protect the merchant, and mitigating breach risk for the processor, can be challenging.
The core challenge is that merchants within an acquirer’s portfolio can be exceptionally diverse, not only in terms of their payment processing methods, but also in their internal ability to successfully secure payments and their overall business. Second, small and medium-sized businesses view implementing security as a daunting task that is easily overlooked due to lack of education and knowledge of the risk factors. Because of this lack of education, in their mind it is easier to stick with status quo than to take action.
This year we’ve seen a notable uptick in our merchant acquiring partners leveraging ControlScan to bring security technologies into their merchant compliance programs. This essentially marries the concepts of security and compliance. However, they are not approaching every merchant in the same way; they are instead taking what we call a “scalpel approach.”
The scalpel approach involves examining processing environments, integrated technology, size, and vertical focus in a way that groups merchants into needs-based buckets. Once this is accomplished it is possible to position each merchant to mitigate threats according to their specific environments. Carving out pieces of a portfolio allows the acquirer and ControlScan to narrow the focus and create bundled security solutions that apply to the various merchant environments. This segmentation ensures that the right security products are introduced to the right merchant at the right price point.
In ControlScan’s most recent survey of SMB merchants, we noted a trend toward the widespread acceptance of merchant service providers’ integrated security offerings. The most significant areas of adoption are anti-malware/anti-virus and network firewall.
Those aren’t the only solutions being adopted, however. In the last several months we’ve had many conversations with partners seeing increased interest in endpoint security solutions that combine traditional anti-malware/anti-virus with more advanced protections, as well as managed threat detection and response services that take the pressure of this important security activity off merchants.
Each of these solutions are easily deployable via agent or hardware on premise. It is critical that small and medium-sized businesses receive security software and hardware that are plug and play. That means automated setup and remote management of the settings and overall performance of each protocol by ControlScan specialists who have “eyes on glass.”
Chesapeake Payment Systems is an excellent example of the scalpel approach in action. Chesapeake implemented this approach to achieve a mid-90’s portfolio compliance rate, segmenting its merchants based on risk levels and offering easy-to-implement managed security solutions to those at a higher risk. This success story outlines how Chesapeake and ControlScan partnered not only to get their merchants compliant, but to also get them over the perimeter security hurdle with an expertly implemented UTM firewall solution.
As I mentioned above, even merchant acquiring organizations with the largest portfolios can benefit from the scalpel approach. It’s all about creating a product offering that adjusts to fit the way your various merchant groups do business.
Learn more about applying the scalpel approach through your ControlScan partnership. Call us today at 800-825-3301, ext. 3.