Payment Card Industry (PCI) Data Security Standard (DSS) compliance solutions specialist ControlScan Inc. was founded in 2005 by a small e-commerce business in need of a solution to secure its Web site. After researching available offerings, the company concluded no niche was dedicated specifically to helping small and mid-sized e-commerce merchants secure their businesses. ControlScan decided to fill the need.
In late 2007, ControlScan brought a new management team onboard to expand the company's scope. Joan Herbig, ControlScan's Chief Executive Officer, saw an opportunity to parlay the work the company had done with e-commerce merchants directly. Subsequently, ControlScan shifted its strategy and began partnering with ISOs, banks and merchant acquirers to roll out PCI programs targeted to their small merchant portfolios.
"Up to that point we only sold directly to e-commerce merchants in the PCI space," Herbig said. "So we started targeting acquirers, ISOs and banks to help them manage their portfolios of small merchants through the PCI compliance process. These organizations have anywhere from a couple hundred merchants to tens of thousands for whom they are processing or providing services.
"Most of our ISOs and banks have a combination of e-commerce, brick and mortar and MO/TO merchants - and we certainly have a solution that will work across all merchant types. And I know one of the things that differentiates ControlScan is that from the very beginning we have had an exclusive focus on the Level 4 merchant. We wake up every day thinking about our small merchants, how they go about their business and how that relates to PCI."
PCI questionnaires can range from 11 questions to over 200. To help small merchants achieve PCI compliance as simply as possible, ControlScan provides:
To help ISOs and acquirers launch and track a successful PCI compliance program with their small merchants, ControlScan provides:
According to Herbig, all of ControlScan's offerings are tailored to help merchants become compliant. The biggest challenge, however, is getting these small merchants to take action.
"We offer Web solutions that are quite rich in terms of what we can do to make compliance as easy as possible, but more importantly we offer them access to human beings as they move through the process and help them answer any question or address any concern," Herbig said.
"We help them interpret the results and work with them to remediate any vulnerabilities that are discovered. And what our bank and ISO partners like about our program is its full-service nature.
"We can help them design programs that are tailored to the way they deal with their merchant communities. It's not about providing some generic solution. We offer a program that starts with outreach to the merchant and continues all the way through the process of completing compliance. Remember also that they have to go through the process every year, so it's another process entirely to re-engage that merchant each year - and we help with that as well."
ControlScan believes it distinguishes itself by providing service on a more personal level.
"Consulting with our partners from the very beginning of a relationship gives us a sense of the tone that our ISOs, banks and acquirers take with their merchants and how they approach them, so that as we engage with their merchants we become a natural extension of their team," said Heather Varian Foster, Vice President of Marketing.
"We work diligently to educate the merchants and provide whatever services or products needed to help them understand the value of PCI and how it will help protect their businesses."
For Omaha, Neb.-based payment solutions provider American Payment Systems, it was this attention to the human element that enticed the company to partner with ControlScan in April 2009.
"In a nutshell it was their attentiveness to me," said Steve Cartwright, Chief Financial Officer of APS.
"They paid attention to me where other PCI partners didn't. We're not a huge ISO, so our goal is to make our smaller merchants feel like they matter to us. Simply put, I felt like I mattered to ControlScan. They understand what it's like to work with these merchants, and they were able to mimic our business model and be a lot like us in that regard."
Cartwright added that whenever he has questions about PCI or the program, ControlScan will get the right people on the phone and give him the information he needs. "They were and are so responsive and attentive," he said. "ControlScan's outbound calling approach made all the difference in the world. No other way would be as effective. Now I can refer my merchants over to true PCI experts because there is no way my small customer service team would be able to do this."
In the first two months of its partnership with ControlScan, APS' compliance rate increased 30 percent overall; after the first six months, compliance rates had reached nearly 50 percent.
According to David Abouchar, ControlScan's Senior Director of Product Management and Development, outsourcing is an attractive proposition for banks and ISOs because it helps offload the burden of managing a PCI compliance process.
"Many don't realize all the intricacies involved in and the overhead required to managing an effective program," Abouchar said. "This includes having the right people, processes and technology. And we define 'effective' as a program that yields high compliance rates and merchant satisfaction, while allowing our partners to focus on their core business.
"Additionally, we pride ourselves in being that trusted ally for all our partners' merchants because they don't know, by and large, where to turn. They typically don't have an IT person on site, and they're looking for direction. We empathize with that, so we're there to give them whatever information they need to address any PCI issue."
Sandy Jackson, Client Implementation/Special Projects Manager at payment and compliance solutions provider CardWare International, said it was that sense of empathy and the degree of personal service provided that made ControlScan attractive as a partner.
"Many of our merchants were unclear and overwhelmed by PCI, so we needed a program that was user-friendly and easy to understand," Jackson said. "A majority of our business referrals to ControlScan have come directly from our financial institutions that are seeking a provider to eliminate the hassles for them, to handle PCI compliance internally and provide a robust reporting package that allows them to track the status of their merchant portfolio.
"Additionally, ControlScan has been a major contributor and participant in our annual Peer Group Meeting. Each year we invite a select group of clients and vendors together, and ControlScan always provides a presentation to one of the most frequently requested topics of discussion. We greatly appreciate their participation in this event, and we value their partnership with us."
Abouchar noted that, as an extension to PCI compliance and to better assist its partners underwriting processes, ControlScan is formally launching a new risk management product called WordScan.
It is designed specifically to automate e-commerce merchant underwriting and eliminate the manual process that many ISOs, banks and acquirers still use today.
"When our partners have to underwrite e-commerce merchants, there are certain words that must be contained with[in] the site before the account can be approved," he said.
"In addition, card brands have requirements around monitoring customer Web sites for prohibited or problematic words and ensuring merchants are selling what they indicated on their applications. WordScan is a cost-effective solution that helps ISOs, banks and acquirers meet these requirements," Abouchar added.
Abouchar said that to help merchants as they travel the path of compliance, ControlScan will take any measure necessary to make a merchant comfortable with PCI.
"We'll take whatever time needed to slug it out with a merchant, even if we have to hold their hand through all 226 questions of the PCI DSS," he noted. "And while PCI does not equal security, it is - especially for small merchants - a great foundation and guideline from which to build their own security policies.
"Everything we do at ControlScan revolves around communication and engaging the merchant so they really get something out of it. It seems like a simple thing that everyone could emulate, but it is hard to scale. That is an element that is critical to us, and we've managed to execute it successfully."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
ISO/MLS contact:
Heather Varian Foster
Vice President of Marketing
Phone: 678-279-2644
E-mail: hfoster@controlscan.com
Company address:
340 Interstate North, Suite 347
Atlanta, GA 30339
Phone: 678-279-2644
Fax: 800-825-2207
Web site: www.controlscan.com
ISO/MLS benefits:
Company Profile originally appeared in
The Green Sheet Issue 100301
181201 - Network Merchants LLC
180902 - MainStream Merchant Services Inc.
180801 - Century Business Solutions
180502 - Priority Payment Systems Northeast
180501 - Merchant e-Solutions Inc.
180301 - Wirecard North America
171202 - Secure Cryptopayments
171002 - National Benefit Programs LLC
170902 - Frates Insurance & Risk Management
170901 - DCS Holdings Group LLC
170802 - Apogee Payment Systems LLC
170702 - Active Software & Hardware Systems
170701 - Veratad Technologies LLC
170502 - Frontline Processing Corp.
170501 - Platinum Choice Bancard LLC
161202 - International Bancard Corp.
161201 - CSR Professional Services Inc
161102 - Digitzs Solutions Inc.
161101 - Residual Sheriff LLC.
160801 - DigiPay: Solutions Inc
160702 - CreditCardProcessing.com
151202 - Benseron Information Technologies Inc.
151201 - CardWare International Inc
151101 - Lion Capital Group LLC
150801 - Topcreditcardprocessors.com
150702 - Vision Payment Solutions LLC
150601 - Conformance Technologies
150502 - Global Processing Systems
150402 - Mercantile Processing Inc.
150401 - Field Guide Enterprises
150302 - Signature Card Services
150301 - Premier Payment Systems Inc.
150201 - Humboldt Merchant Services
141102 - National Merchants Association
141001 - Instant Credit Manager
140902 - Merchant Cash and Capital LLC
140701 - National Transaction Corporation (NTC)
140601 - Total Merchant Services
140501 - Nationwide Payment Solutions
140501 - BPC Banking Technologies
140301 - Meritus Payment Solutions
131202 - First American Payment Systems L.P.
131102 - Evo Payments International LLC
131001 - Live Reps Call Center
130901 - Regal Payment Systems LLC
130901 - The Merchant Solutions
130802 - North American Bancard LLC
130801 - Payment Logistics LLC
130702 - Plug n Pay Technologies Inc.
130601 - U.S. Merchant Systems LLC
130402 - National Processing Co.
130202 - Charge Card Systems Inc.
130202 - Layered Technologies Inc.
121202 - American Microloan LLC
121102 - Keep in Touch Systems Inc.
121102 - Merchants Choice Payment Solutions
121002 - Washington Bancard Merchant Services LLC
120902 - Central Payment Co. LLC
120802 - Royal Merchant Holdings LLC
120801 - National Benefit Programs LLC
120602 - Cardinal Commerce Corp.
120601 - Veritrans Merchant Services LLC
120502 - ExecuTech Lease Group
120502 - The Small Business Authority
120402 - Chargeback Guardian Inc.
120401 - Electronic Payment Exchange
120301 - Complete Merchant Solutions LLC
120201 - CSR - Compliance Solutions and Resources
111002 - Lead Source Call Center
111001 - First Annapolis Consulting Inc.
110902 - Point of Sale System Services Inc.
110901 - Sage Payment Solutions
110801 - Century Payments Inc.
110702 - Creative Vision Studio LLC
110702 - Network Merchants Inc.
110701 - Capital Access Network Inc.
110602 - eProcessing Network LLC
110602 - Moneris Solutions Inc.
110502 - Paragon Application Systems Inc.
110401 - Merchant Implementation Services
101202 - CheckAlt Payment Solutions
101102 - Impact Payments Recruiting
101101 - Global Electronic Technology Inc.
101002 - TriSource Solutions LLC
100802 - Federated Payment Systems LLC
100801 - Voltage Security Inc.
100601 - NETSURION (formerly Vendor Safe Technologies)
100502 - Transaction Network Services Inc.
100402 - Secure Payment Systems Inc.
100401 - Elite Merchant Solutions
100302 - Retail Decisions Inc.
091201 - Performance Training Systems Bankcard Boot Camp
091101 - Merchant e-Solutions Inc.
091002 - Whitehall Capital Advisors LLC
090901 - CoCard Marketing Group LLC
090801 - First National Merchant Solutions
090701 - checXchange Money Transfer Systems Inc.
090601 - Sterling Payment Technologies
090502 - Infinity Payment Systems
090501 - Merchant Cash and Capital
090401 - UseMyBank Services Inc.
090401 - Data Delivery Services Inc.
090302 - Velocity Merchant Services
090302 - Metro Merchant Services
090301 - Smart Transaction Systems Inc.
090301 - DCC Merchant Services USA LLC
090202 - TransFirst Holdings Inc.
081202 - Affirmative Technologies Inc.
081201 - On-line Strategies Inc.
081101 - Vision Payment Solutions LLC
081002 - Veratad Technologies LLC
081001 - International Merchant Solutions LLC
080801 - GreenSoft Solutions Inc.
080702 - Smart Circle International
080601 - International Bancard Corp.
080502 - DRG Telemarketing Inc.
080501 - BCC Merchant Solutions
080402 - U.S. Merchant Systems
080401 - Greystone Business Resources Corp.
080302 - Transmedia Payment Services Ltd.
071202 - Barclay Square Leasing Inc.
071102 - FirstView Financial LLC
071001 - Sage Payment Solutions
070902 - YourTownMall Business
070901 - Nxgen Payment Services
070802 - All card Processing-AAMonte-USA
070801 - Money Movers of America Inc.
070602 - Central Point Resources Inc.
070601 - Positive Feedback Software LLC
070502 - Premier Payment Systems
070501 - Amacai Information Corp.