Ross Federgreen, Chief Executive Officer and founder of payment and data privacy consultancy CSR Professional Services Inc., frequently finds himself correcting misconceptions about data security. Take the Payment Card Industry Data Security Standard (PCI DSS): "PCI is a misguided concept these days," he said, noting that despite years of outreach and education, many small merchants, whether they realize it or not, are not compliant.
"They check off all the self-certifying boxes, and that's a mistake," he said. "It has absolutely nothing to do with the realities of the world and the big players who spend tens of millions of dollars on very sophisticated systems that still get hacked all the time."
Federgreen also noted that only 4 to 7 percent of breaches are bankcard related; over 90 percent target other types of personally identifiable information (PII), such as birth dates and Social Security, driver's license, and automated clearing house routing numbers.
Federgreen served as an adviser to the United States Senate, the U.S. Agency for International Development and numerous multinational corporations. When he founded Jensen Beach, Fla.-based CSR in 1999, he was drawn to payments because "payments are at the core of what is keeping people in business," he said. CSR's initial goal ‒ to offer compliance remedies for regulatory headaches ‒ remains relevant today.
CSR offers a range of data privacy and security tools and services for businesses, organizations and even schools. These include the patented CSR Breach Reporting Service, which facilitates timely, accurate PII data breach reporting and consumer notifications; the patent-pending CSR Readiness Suite, a data life cycle management program that provides online risk evaluation, remediation and employee training material related to PII; and Stand-In Privacy Officer (SIPO), which provides comprehensive consulting for midsize and large companies.
The consequences of not reporting breaches can be drastic, with "very serious dollars" assessed in penalties, Federgreen noted. Additional damages include class-action lawsuits, years of federal oversight, civil and possibly criminal prosecution, and reputational damage and loss of sales, he said.
The CSR Breach Reporting Service provides a single point for clients to call when a breach has been detected. "We report that information to all of the appropriate parties at the federal, state and local levels and to the brand as required based upon what data was stolen," Federgreen said. Companies are under a tight timeline to report breaches, and they "usually don't have the business bandwidth to do it," he added.
The CSR Readiness Suite provides online, interactive data risk assessment to identify gaps; risk mitigation tools including an incident response plan; policy templates and best practices; proof of efforts to comply with regulations; 24/7 access to services to maintain data privacy strength; and privacy compliance training.
As data privacy regulations change, many companies will also need to have certified Privacy Officers. CSR's SIPO solution provides clients with top Certified Information Privacy Professionals (CIPPs) with certifications in the United States, Canada and the European Union.
"We have four CIPPs in our organization, so we're fully certified to provide these services," Federgreen said. Internally, CSR has 25 to 30 individuals comprising teams to address clients' specific needs and performance criteria. Federgreen estimated that 85 percent of CSR's clients are ongoing. "We're all about education and learning," he said. "That's true in everything we do."
With the commoditization of payment processing, income from value-added services has become critical. Meanwhile, mass-market distribution of CSR's products through ISO channels has made its online compliance solutions affordable to a majority of merchants, Federgreen stated. Our services "bring stability to the acquirer relationships," he said. "They give the merchant and provider and their partners the leading edge in PII issues over time." Federgreen sees significant opportunity ahead for CSR's ISO partners. "We are continuing to grow our team of certified individuals, expanding dramatically on a global basis," he said.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
CEO and founder
Company Profile originally appeared in
The Green Sheet Issue 161201
220601 - Nationwide Payment Systems
211102 - Kalamata Capital Group
210701 - Choice Merchant Solutions
200601 - Delta Payment Solutions
190802 - Credit.net, a division of Infogroup
190702 - Samsung Electronics America Inc.
181201 - Network Merchants LLC
180902 - MainStream Merchant Services Inc.
180801 - Century Business Solutions
180502 - Priority Payment Systems Northeast
180501 - Merchant e-Solutions Inc.
180301 - Wirecard North America
180201 - Sysnet Global Solutions Ltd.
171202 - Secure Cryptopayments
171002 - National Benefit Programs LLC
170902 - Frates Insurance & Risk Management
170901 - DCS Holdings Group LLC
170802 - Apogee Payment Systems LLC
170702 - Active Software & Hardware Systems
170701 - Veratad Technologies LLC
170502 - Frontline Processing Corp.
170501 - Platinum Choice Bancard LLC
170201 - Electronic Payments Inc.
161202 - International Bancard Corp.
161201 - CSR Professional Services Inc
161102 - Digitzs Solutions Inc.
161101 - Residual Sheriff LLC.
160801 - DigiPay: Solutions Inc
160702 - CreditCardProcessing.com
160201 - Lead Tracking Systems LLC
151202 - Benseron Information Technologies Inc.
151201 - CardWare International Inc
151101 - Lion Capital Group LLC
150801 - Topcreditcardprocessors.com
150702 - Vision Payment Solutions LLC
150601 - Conformance Technologies
150502 - Global Processing Systems
150402 - Mercantile Processing Inc.
150401 - Field Guide Enterprises
150302 - Signature Card Services
150301 - Premier Payment Systems Inc.
150201 - Humboldt Merchant Services
150102 - Expansion Capital Group LLC
141102 - National Merchants Association
141001 - Instant Credit Manager
140902 - Merchant Cash and Capital LLC
140701 - National Transaction Corporation (NTC)
140601 - Total Merchant Services
140501 - Nationwide Payment Solutions
140501 - BPC Banking Technologies
140301 - Meritus Payment Solutions
140201 - Process Pink Payments LLC
131202 - First American Payment Systems L.P.
131102 - Evo Payments International LLC
131001 - Live Reps Call Center
130901 - Regal Payment Systems LLC
130901 - The Merchant Solutions
130802 - North American Bancard LLC
130801 - Payment Logistics LLC
130702 - Plug n Pay Technologies Inc.
130601 - U.S. Merchant Systems LLC
130402 - National Processing Co.
130202 - Charge Card Systems Inc.
130202 - Layered Technologies Inc.
130102 - Glazer_Kennedy Insiders Circle LLC
121202 - American Microloan LLC
121102 - Keep in Touch Systems Inc.
121102 - Merchants Choice Payment Solutions
121002 - Washington Bancard Merchant Services LLC
120902 - Central Payment Co. LLC
120802 - Royal Merchant Holdings LLC
120801 - National Benefit Programs LLC
120602 - Cardinal Commerce Corp.
120601 - Veritrans Merchant Services LLC
120502 - ExecuTech Lease Group
120502 - The Small Business Authority
120402 - Chargeback Guardian Inc.
120401 - Electronic Payment Exchange
120301 - Complete Merchant Solutions LLC
120201 - CSR - Compliance Solutions and Resources
120102 - Alpha Card Services Inc.
111002 - Lead Source Call Center
111001 - First Annapolis Consulting Inc.
110902 - Point of Sale System Services Inc.
110901 - Sage Payment Solutions
110801 - Century Payments Inc.
110702 - Creative Vision Studio LLC
110702 - Network Merchants Inc.
110701 - Capital Access Network Inc.
110602 - eProcessing Network LLC
110602 - Moneris Solutions Inc.
110502 - Paragon Application Systems Inc.
110401 - Merchant Implementation Services
110301 - FrontStream Payments Inc.
101202 - CheckAlt Payment Solutions
101102 - Impact Payments Recruiting
101101 - Global Electronic Technology Inc.
101002 - TriSource Solutions LLC
100802 - Federated Payment Systems LLC
100801 - Voltage Security Inc.
100601 - NETSURION (formerly Vendor Safe Technologies)
100502 - Transaction Network Services Inc.
100402 - Secure Payment Systems Inc.
100401 - Elite Merchant Solutions
100302 - Retail Decisions Inc.
100102 - Payment Alliance International
091201 - Performance Training Systems Bankcard Boot Camp
091101 - Merchant e-Solutions Inc.
091002 - Whitehall Capital Advisors LLC
090901 - CoCard Marketing Group LLC
090801 - First National Merchant Solutions
090701 - checXchange Money Transfer Systems Inc.
090601 - Sterling Payment Technologies
090502 - Infinity Payment Systems
090501 - Merchant Cash and Capital
090401 - UseMyBank Services Inc.
090401 - Data Delivery Services Inc.
090302 - Velocity Merchant Services
090302 - Metro Merchant Services
090301 - Smart Transaction Systems Inc.
090301 - DCC Merchant Services USA LLC
090202 - TransFirst Holdings Inc.
090201 - ACH Payment Solutions
081202 - Affirmative Technologies Inc.
081201 - On-line Strategies Inc.
081101 - Vision Payment Solutions LLC
081002 - Veratad Technologies LLC
081001 - International Merchant Solutions LLC
080801 - GreenSoft Solutions Inc.
080702 - Smart Circle International
080601 - International Bancard Corp.
080502 - DRG Telemarketing Inc.
080501 - BCC Merchant Solutions
080402 - U.S. Merchant Systems
080401 - Greystone Business Resources Corp.
080302 - Transmedia Payment Services Ltd.
080102 - Sonoma Technical Support Services
071202 - Barclay Square Leasing Inc.
071102 - FirstView Financial LLC
071001 - Sage Payment Solutions
070902 - YourTownMall Business
070901 - Nxgen Payment Services
070802 - All card Processing-AAMonte-USA
070801 - Money Movers of America Inc.
070602 - Central Point Resources Inc.
070601 - Positive Feedback Software LLC
070502 - Premier Payment Systems
070501 - Amacai Information Corp.
070402 - National Bankcard Systems