Since 1999, payment and data privacy consultancy CSRSI, The Payment Advisors, has advised government agencies, multinational corporations, financial institutions and ISOs on how to reduce the costs of acquiring, protect against fraud, and maximize data security and compliance. Over 1,750 consulting jobs later, the company is evolving - and so is its mission. In January 2012, CSRSI added a doing-business-as moniker, CSR, which stands for Compliance Solutions and Resources.
"We started out with the name CSRSI, and that originally stood for Cost Savings Reduction Specialists Inc.," said company founder Ross Federgreen. "As time marched on, we really became very focused on consultative compliance audits."
But Federgreen found that clients sometimes had a difficult time remembering the name. The new, simplified name more accurately reflects the company's core competencies as consultants and resource providers, Federgreen noted.
"We have a consultative side, which has been the traditional side of the company, as well as a mass-market production side where we provide compliance solutions for a significant number of merchants, whether it's the PCI ToolKit or the CSR Breach Reporting ToolKit," he said.
CSR has several other products under development, including the HIPAA (Health Insurance Portability and Accountability Act) Hitech ToolKit. "These are all compliance solutions on a consultative basis," Federgreen added. "They're all resources, so we thought the name tied in well to where we are, what we're doing and what we want to do in the future."
As a consultant, Federgreen has a substantial pedigree, having served as an advisor to the United States Senate, the U.S. Agency for International Development and numerous multinational corporations. He has also consulted for The Rockefeller Foundation and management advisory firm McKinsey & Co., and is among an elite group who carry a governmental sub-specialization rating, meaning he possesses in-depth knowledge of federal statutes pertaining to sets of procedures and protocols for interfacing with the government and for the government to operate internally.
"I have bridged the political-economic advisory role for 30 years, and it's been one large continuum," Federgreen said. A majority of his early consultative work focused on the traditional payments space, ranging from requests for proposals from large acquirer entities to cross-border, cross-national payment solutions.
Federgreen works in tandem with Rick Heroux - the only business partner Federgreen has ever had. As company President, Heroux oversees corporate operations and product development. He has also advised hundreds of businesses - from Fortune 100s to startups - on payment cost performance, Payment Card Industry (PCI) Data Security Standard (DSS) compliance, alternative payments and fraud prevention management.
Federgreen said that at this point, CSR does little to no consulting for clients below $25 to $50 million in annual revenue. "Most of our clients are in the hundreds of millions or more," he said. Consulting expertise for these clients includes multilateral payment system design, integration and cost; risk and regulatory compliance; and data security for domestic, foreign and cross-border entities.
But smaller merchants also benefit from CSR. In 2005, the company developed its PCI ToolKit for large processors. That kit was ultimately distributed to the small merchant population and continues to be enhanced.
"We have four CIPPs [Certified Information Privacy Professionals] in our organization, so we're fully certified to provide these services, and we sell them to our ISOs," Federgreen said. Internally, CSR has approximately 25 to 30 individuals assembled into teams to deal with specific needs of clients and specific sets of performance criteria. Federgreen plans to extend the on-demand team model as CSR expands.
CSR offers its compliance products on a software-as-a-service basis. Its flagship product, the PCI ToolKit, serves approximately 30,000 to 40,000 merchants each month. The soft launch of the CSR Breach Reporting ToolKit was expected to conclude in January 2012, with a formal launch shortly thereafter.
"The PCI ToolKit is unique in that it is a survey type of system that is not standard SAQ [self assessment questionnaire] by any stretch of the imagination," Federgreen said. "It provides merchants with a very sophisticated survey set of questions.
"And then from those answers, they'll get a specific set of tasks that they need to complete before they can become compliant. So, really, it's gap analysis for their remediation schedule. Then we also do all the brand reporting associated with it."
In addition to automating the SAQ process, PCI ToolKit assists merchants with quarterly network security scans as mandated by the PCI DSS. The system is approved scanning vendor (ASV) agnostic, which means clients can contract with the ASV of their choice.
According to Federgreen, there are five PCI regulated data types: date of birth, Social Security number, driver's license number, credit and debit card number, and automated clearing house routing number. To help merchants comply with data breach reporting requirements, CSR's system provides a single point for clients to make the initial call once a breach has been detected.
"We report that information to all of the appropriate parties at the federal, state, local levels and to the brand as required based upon what data was stolen," Federgreen said. "They are under a very significant timeline to report the breach ... and usually don't have the business bandwidth to do it."
A key benefit in reselling the breach reporting tool kit is that it doesn't require ownership of the merchant identification number, Federgreen noted. "We have a lot of resellers who are actually selling it outside of their own merchant population because with the PCI ToolKit, obviously, they need to own or control the merchant ID number," he said. "That is absolutely not true with the CSR Breach Reporting ToolKit."
CSR's soon-to-be released HIPAA Hitech ToolKit product will draw upon the same survey technique used in its PCI ToolKit to guide health care providers through the steps involved in medical records compliance as required by law.
Aligning with a company well versed in compliance has been reassuring for Merchant Services Inc. "I do not see that [level of competency] with every product vendor that I come across," said Nathan Jurczyk, Vice President at MSI.
"We use their product for the vast majority of merchants as long as it's the right fit. They're a very appropriate fit for your standard brick-and-mortar and midsized businesses. It's a good quality product that delivers results. We bundle it with our master package of services."
In working with thousands of merchant businesses, Jurczyk has observed that a certain number inevitably fall outside traditional models. "You always have that 5 percent factor," he said. "Those are the folks that can be incredibly difficult to walk through PCI compliance. That's where I've found CSR to be invaluable."
To address the disparate needs of merchants across the spectrum, CSR segments its services, providing formal privacy consultations to large merchants, while smaller merchants receive its Tier 2 services based on their level of progress in the compliance process.
"Number one, there is some percentage of merchants who want us to come in early on, review the data elements they have, look at the lifecycle of those data elements and then advise them what the proper handling and match them with that," Federgreen said. "That's a growing part of our portfolio." He added that the second type of merchant typically calls upon CSR to examine specific back patterns and advise them accordingly.
CSR also has a growing population of merchants victimized by breaches that ask CSR to put on its "forensic hat" and "advise them of the areas of privacy that were violated, what may have happened, and, most importantly, what the rules and requirements are for data subject notification," Federgreen noted.
Federgreen said most merchants, regardless of size, have reservations about the compliance process, especially about advisers that deliver mediocre service - an unfortunate but all-too-common occurrence. "They engage with someone and they don't get complete answers," he said. "They don't stay with them over time."
Federgreen noted that this doesn't happen at CSR, where follow-through is imperative. He estimated that 85 percent of CSR's clients are ongoing. "We're all about education and learning," he said. "That's true in everything we do."
Federgreen said mass-market distribution of CSR's products through ISO channels has made its online compliance solutions affordable to a majority of the merchant population, and he added it clearly generates revenue.
He pointed out that with the commoditization of the interchange side of the business, income from the service side has become more important for the economic well-being of CSR's partners, and CSR is fully cognizant of that.
"The message I'd like to deliver is that we have great, proven products, are very proud of what we've accomplished, but we want to do more," Federgreen said. "We want to hear from people because I think they're the ones that generate the interesting ideas. If somebody has the question, usually 9 out of 10 other people have something similar, too, that they're concerned about. That's been our mantra."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
830 NE Pop Tilton Place
Jensen Beach, FL 34957
Company Profile originally appeared in
The Green Sheet Issue 120201
220601 - Nationwide Payment Systems
211102 - Kalamata Capital Group
210701 - Choice Merchant Solutions
200601 - Delta Payment Solutions
190802 - Credit.net, a division of Infogroup
190702 - Samsung Electronics America Inc.
181201 - Network Merchants LLC
180902 - MainStream Merchant Services Inc.
180801 - Century Business Solutions
180502 - Priority Payment Systems Northeast
180501 - Merchant e-Solutions Inc.
180301 - Wirecard North America
180201 - Sysnet Global Solutions Ltd.
171202 - Secure Cryptopayments
171002 - National Benefit Programs LLC
170902 - Frates Insurance & Risk Management
170901 - DCS Holdings Group LLC
170802 - Apogee Payment Systems LLC
170702 - Active Software & Hardware Systems
170701 - Veratad Technologies LLC
170502 - Frontline Processing Corp.
170501 - Platinum Choice Bancard LLC
170201 - Electronic Payments Inc.
161202 - International Bancard Corp.
161201 - CSR Professional Services Inc
161102 - Digitzs Solutions Inc.
161101 - Residual Sheriff LLC.
160801 - DigiPay: Solutions Inc
160702 - CreditCardProcessing.com
160201 - Lead Tracking Systems LLC
151202 - Benseron Information Technologies Inc.
151201 - CardWare International Inc
151101 - Lion Capital Group LLC
150801 - Topcreditcardprocessors.com
150702 - Vision Payment Solutions LLC
150601 - Conformance Technologies
150502 - Global Processing Systems
150402 - Mercantile Processing Inc.
150401 - Field Guide Enterprises
150302 - Signature Card Services
150301 - Premier Payment Systems Inc.
150201 - Humboldt Merchant Services
150102 - Expansion Capital Group LLC
141102 - National Merchants Association
141001 - Instant Credit Manager
140902 - Merchant Cash and Capital LLC
140701 - National Transaction Corporation (NTC)
140601 - Total Merchant Services
140501 - Nationwide Payment Solutions
140501 - BPC Banking Technologies
140301 - Meritus Payment Solutions
140201 - Process Pink Payments LLC
131202 - First American Payment Systems L.P.
131102 - Evo Payments International LLC
131001 - Live Reps Call Center
130901 - Regal Payment Systems LLC
130901 - The Merchant Solutions
130802 - North American Bancard LLC
130801 - Payment Logistics LLC
130702 - Plug n Pay Technologies Inc.
130601 - U.S. Merchant Systems LLC
130402 - National Processing Co.
130202 - Charge Card Systems Inc.
130202 - Layered Technologies Inc.
130102 - Glazer_Kennedy Insiders Circle LLC
121202 - American Microloan LLC
121102 - Keep in Touch Systems Inc.
121102 - Merchants Choice Payment Solutions
121002 - Washington Bancard Merchant Services LLC
120902 - Central Payment Co. LLC
120802 - Royal Merchant Holdings LLC
120801 - National Benefit Programs LLC
120602 - Cardinal Commerce Corp.
120601 - Veritrans Merchant Services LLC
120502 - ExecuTech Lease Group
120502 - The Small Business Authority
120402 - Chargeback Guardian Inc.
120401 - Electronic Payment Exchange
120301 - Complete Merchant Solutions LLC
120201 - CSR - Compliance Solutions and Resources
120102 - Alpha Card Services Inc.
111002 - Lead Source Call Center
111001 - First Annapolis Consulting Inc.
110902 - Point of Sale System Services Inc.
110901 - Sage Payment Solutions
110801 - Century Payments Inc.
110702 - Creative Vision Studio LLC
110702 - Network Merchants Inc.
110701 - Capital Access Network Inc.
110602 - eProcessing Network LLC
110602 - Moneris Solutions Inc.
110502 - Paragon Application Systems Inc.
110401 - Merchant Implementation Services
110301 - FrontStream Payments Inc.
101202 - CheckAlt Payment Solutions
101102 - Impact Payments Recruiting
101101 - Global Electronic Technology Inc.
101002 - TriSource Solutions LLC
100802 - Federated Payment Systems LLC
100801 - Voltage Security Inc.
100601 - NETSURION (formerly Vendor Safe Technologies)
100502 - Transaction Network Services Inc.
100402 - Secure Payment Systems Inc.
100401 - Elite Merchant Solutions
100302 - Retail Decisions Inc.
100102 - Payment Alliance International
091201 - Performance Training Systems Bankcard Boot Camp
091101 - Merchant e-Solutions Inc.
091002 - Whitehall Capital Advisors LLC
090901 - CoCard Marketing Group LLC
090801 - First National Merchant Solutions
090701 - checXchange Money Transfer Systems Inc.
090601 - Sterling Payment Technologies
090502 - Infinity Payment Systems
090501 - Merchant Cash and Capital
090401 - UseMyBank Services Inc.
090401 - Data Delivery Services Inc.
090302 - Velocity Merchant Services
090302 - Metro Merchant Services
090301 - Smart Transaction Systems Inc.
090301 - DCC Merchant Services USA LLC
090202 - TransFirst Holdings Inc.
090201 - ACH Payment Solutions
081202 - Affirmative Technologies Inc.
081201 - On-line Strategies Inc.
081101 - Vision Payment Solutions LLC
081002 - Veratad Technologies LLC
081001 - International Merchant Solutions LLC
080801 - GreenSoft Solutions Inc.
080702 - Smart Circle International
080601 - International Bancard Corp.
080502 - DRG Telemarketing Inc.
080501 - BCC Merchant Solutions
080402 - U.S. Merchant Systems
080401 - Greystone Business Resources Corp.
080302 - Transmedia Payment Services Ltd.
080102 - Sonoma Technical Support Services
071202 - Barclay Square Leasing Inc.
071102 - FirstView Financial LLC
071001 - Sage Payment Solutions
070902 - YourTownMall Business
070901 - Nxgen Payment Services
070802 - All card Processing-AAMonte-USA
070801 - Money Movers of America Inc.
070602 - Central Point Resources Inc.
070601 - Positive Feedback Software LLC
070502 - Premier Payment Systems
070501 - Amacai Information Corp.
070402 - National Bankcard Systems