17 years of fighting breaches

Clifton, N.J.-based software provider Comodo Group Inc. has been keeping data safe from hackers since 1998. With 850 employees and offices spanning the globe Comodo bills itself as the world's leading supplier of Secure Sockets Layer (SSL) certificates, according to Robert Gersten, the company's Principal Director, ISOs and Acquirers.

The SSL computer networking protocol protects connections from servers to browsers. "If you're doing e-commerce, you need an SSL certificate to encrypt transactions," Gersten said. Comodo got its start providing those certificates and now claims a worldwide market share of more than 30 percent. The company has also expanded by acquiring other vendors. It now operates in three main overlapping segments: consumer, enterprise and e-commerce.

Comodo has been working with ISOs for about seven years to provide Payment Card Industry (PCI) Data Security Standard (DSS) scans for merchants. About a year and a half ago, Comodo began combining its security services to create a larger package ISOs can offer their clients. "We kicked off the formal program in March of this year, and we've really been getting pretty good traction," Gersten said.

Comodo and the ISOs

Working with ISOs hinges on three initiatives, according to Gersten. First, the company is taking advantage of its high volume of SSL certificates to promote the technology to merchants. Second, merchants can use what Comodo calls its Painless PCI program to ease the "onerous" compliance process. Third, Comodo's SecureBox POS security system prevents data breaches.

Comodo sometimes works with other vendors to deliver technology. In July 2015, for example, the company announced that Naples, Fla.-based Benseron Information Technologies Inc., maker of the Bevo POS, is incorporating SecureBox containment technology into more than 20,000 POS systems across the globe.

Containment sets Comodo apart from competitors, according to Gersten. Anyone can deal with good files and with files that have already been identified as malware, he said, noting that Comodo excels at handling unknown files – those that might or might not cause problems. Comodo guards against potential problems with unknown files by creating a software container around them so that hackers can't get access to the information, he added.

Extra referral fees

In addition to offering what Gersten calls "full-blown" PCI services, Comodo supplies merchants with "extras," such as anti-spam software. If a Comodo expert who's helping a merchant interpret an SAQ question notices a need for an extra service, he or she offers to install it. If the merchant buys that add-on, the ISO receives another commission. "That can develop into a pretty nice revenue stream," he said.

While pitching the extra, the Comodo software expert takes care not to offend the merchant, Gersten said. "It's a very soft sell" because the company doesn't want to jeopardize the ISO-merchant relationship, he noted. However, the likelihood of additional purchases is strong: a need for extra products arises with 25 to 60 percent of merchants, Gersten noted. "If we're working with e-commerce providers, it's on the high end," he said.

Staying informed

Comodo provides ISOs with a computer-screen dashboard they can use to monitor how well their merchants are fairing with PCI compliance efforts. It's complicated but worthwhile to track merchants' progress because it can cement ISOs' client relationships, Gersten said.

The company is working directly with about a dozen ISOs, including Instabill Corp. and TransAct Technologies Inc., but touches many other ISOs because third-party companies sell its products. Some ISOs white-label Comodo products, while others prefer to trade on the Comodo brand, according to Gersten.

Globally, Comodo has installed 85 million PCI consumer security suites, works with 600,000 business customers and maintains relationships with 8,000 sales partners, Gersten said. He described their reseller program as being channel-centric. "The bad part of being channel-centric is that not many people know our name – but we're getting there," he added.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.