The Green Sheet :: Company Profiles

The pit crew for ISO and MLS drivers

Almost anybody can name popular NASCAR drivers like Jeff Gordon and Dale Earnhardt Jr., but who can name the tire changers in their pit crews? You can't be an extraordinary driver without an exceptional crew with innovative ideas - a crew that can identify problems, develop strategies and get things fixed fast.

Network Merchants Inc. can be likened to the NASCAR pit crew: indispensible but anonymous to merchants. And that's just the way NMI likes it. NMI is the support crew in the ISO and merchant level salesperson (MLS) race to success. NMI knows it can't thrive in the long run if it copies what other racing teams are doing. Success comes through innovation, the ability to imagine and create next-generation systems that improve speed and efficiency - and win races.

Wall to wall protection

NMI 's newest innovation is a next-generation security suite called Merchant Defender. The official rollout for the security package came during the Midwest Acquirers Association's annual conference in July 2011, when NMI demonstrated the product.

Merchant Defender employs an encryption-based technology that protects merchants and customers by removing all credit card data from merchant networks and storing customers' encrypted information in NMI's secure servers. "In this profession, we need to help merchants with security," NMI Chief Technology Officer Matthew Schmidgall said.

"Merchant Defender is a complete set of security tools that will eliminate clear text credit card information from the merchant's environment."

The suite includes the latest version of NMI's security software, iSpyFraud, as well as a newly developed, reportedly inexpensive encryption keypad that encrypts credit card numbers before they go into the merchant's network. "This innovative hardware completes our solution to remove the merchant's network from the scope of PCI," Schmidgall said.

Merchant Defender card-present technology includes encrypted card readers, an iProcess mobile application, and the SyncPay QuickBooks plug-in. The card-not-present piece of the suite includes the encrypted keypad device for key-entered transactions and the SyncPay plug-in. NMI stated the revolutionary piece of the package is a three-step application programming interface (API) for the e-commerce portion of the suite that connects to the payment platform and allows encryption at the terminal before the credit card information gets to the merchant system.

In short, NMI believes it has developed the most advanced, complete merchant security package on the market - and the only one that gives merchants and their customers the confidence that sensitive credit card data in the merchant's network is secure. From NMI's standpoint, the nexus of this confidence is obvious: if unencrypted information isn't on merchant systems, nobody can steal it and use it.

"When you swipe a credit card or key-in a credit card number, the unencrypted, sensitive data never goes into the PC," Schmidgall said, adding that Merchant Defender will prevent virtually any system intruder from accessing sensitive payment data.

He believes this takes data security to a new level. "We've worked with device manufacturers to build encrypted keypads, and now we can protect merchants who perform card-not-present transactions, create subscriptions and perform credit card searches," he said. "The encrypted data is sent to the gateway, and we do the decryption, storage and transmittal. We believe we are the only gateway to provide this complete solution."

Web security patrol since 2001

NMI Vice President of Product Development Nicholas Starai said his company has always accepted responsibility for merchant security. "We have always considered security a priority," he told The Green Sheet. "Gateways should be competent in the security space. If you can't trust your gateway, who can you trust? We don't want merchants to worry about PCI and security. We want them to work on selling to their customers."

Though NMI is a privately held risk management and analysis software company, NMI's raison d'être remains security. The company officially opened its offices in Schaumburg, Ill., just outside of Chicago, in May 2001.

At that time, the Internet was still considered to be in early stage development, which exposed online merchants to a new level of fraud. NMI's Chief Executive Officer James McKenzie, Chief Operating Officer Ted Cucci and Schmidgall recognized a fraud prevention solution would be critical to merchant survival in the burgeoning web environment, so the three combined their collective experience in merchant consulting, data security and domain registration to develop the company's first product, iSpyFraud.

As a fraud detection and prevention tool, iSpyFraud software was originally developed for ItsYourDomain (now Hover), an online web-hosting service. NMI said that from the beginning, the software was a success, earning accolades from payment processors, and today it continues to drive company growth as a proven tool in the arsenal against payment fraud.

"We now process billions of dollars every year," Schmidgall said. "We are processing transactions for tens of thousands of merchants. We are pretty fortunate, but the credit goes to our ISOs. We don't work with merchants directly. We work with ISO partners. That, in addition to our focus on technology and security, is what has kept us successful."

A precision-built race engine

Once NMI had successfully created and marketed its initial fraud prevention tools, the next step in its evolution was to build a gateway that integrated bankcard processing with iSpyFraud software. The result was a seamless, secure processing package unlike anything else on the market, according to Schmidgall.

Since the gateway's release in 2003, NMI has continued to develop useful add-on capabilities. These include a virtual terminal; API integration; batch uploading; a free, brandable shopping cart; electronic check services; recurring billing and multipayment platfoms.

"A core group of engineers built the gateway," Starai said. "These are people with a tremendous amount of experience in the industry. At NMI, we put more of our resources into engineers and customer service than sales staff. We believe we should concentrate on what we are good at - technology and security - and let the ISOs do what they excel at - finding solutions for their merchants."

NMI reported that when it introduced its gateway, merchant users benefited from the security and fraud scrubbing capabilities of the software, which were coupled with NMI's exclusive payment processing technology. The company credits its management team for enabling NMI to remain a debt free, profitable company since 2002, while it continues to build and market a diverse line of products and services that support its infrastructure and overhead.

The company firmly believes its technology infrastructure is one of the most reliable on the market, with its multiple redundancies in connectivity, carriers and telecommunications companies, and network of SAS-70 (a widely recognized auditing standard) datacenter facilities. The company attested it also meets or exceeds all major card brand security standards, including the Payment Card Industry (PCI) Data Security Standard (DSS) and the Card Information Security Program, and has passed its MasterCard Worldwide-mandated RAMP review to confirm compliance with other nationally recognized security standards.

"We can't wait for the [credit card companies] to come up with bulletproof security methods," Schmidgall said when discussing the company's philosophy. "A lot of companies rely on [the major card brands] to set standards for them to meet. Our concept is to exceed these security standards and lead the payment processing industry."

NMI continually endeavors to add value to its services with new offerings. It sells e-check processing, payer authentication, and a security certification program called CertifyPCI that helps Level 3 and Level 4 merchants validate PCI DSS compliance.

In March 2011, NMI introduced a free mobile processing module for Apple Inc.'s iPhone, iPad and iPod Touch devices, which allows anyone to process credit cards via a cellular or Wi-Fi connection. The module includes an encrypted card reader, a geo-tag location printed on the receipt, and the ability to transmit e-mail receipts and capture digital signatures. It can also perform partial or full refunds in the transaction history log. The company's SyncPay QuickBooks payment gateway plug-in was introduced in April 2011.

Helping agents navigate every turn

Schmidgall recalled that from the company's earliest days its leaders have stressed the value of marketing through ISOs and MLSs, and this remains the company's core philosophy. "We have good relations with our ISOs," he said. "We don't aggressively market. We don't compete with our agents." In short, the agents are the drivers, and NMI is the racing support team.

"Our ISOs are an important part of our sales and marketing team," Starai said. "They tell us what they can sell, and we do our best to deliver revenue-generating products and services."

NMI offers agents a private-label solution that disguises the manufacturer and helps to cut merchants out of the buying loop. NMI services and technology are offered as options to their sales partner network. And the programs and services NMI provides can be white-labeled so ISOs can continue to offer their own programs and service options without having to compete with NMI's offerings.

"This is a two-way process," Schmidgall said. "It's important that we hire well qualified employees and improve the education and advancement of our entire staff so that they can in turn help educate ISOs. Through in-house training programs and those offered by groups like the ETA, PCI and The Association of Certified Fraud Examiners, we are constantly improving the education and advancement of our entire staff.