GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Hard times expose vulnerable residuals

News

Industry Update

7-Eleven takes interchange issue to D.C.

Canadian debit shake-up

Two companies, two new security departments

Cyber thieves stealing from students

Features

How to leverage available technologies to manage risk and prevent fraud in RDC

Ed McLaughlin
RemoteDepositCapture.com

Research rundown

Selling Prepaid

Prepaid in brief

Vigilance is watchword in fraud prevention

Empowering the cash-compensated

Is PayPal a threat to prepaid?

Views

Portfolio conversions done right

Biff Matthews
CardWare International

The MLS and the ISO:
Cause for concern?

Brandes Elitch
CrossCheck Inc.

Education

Street SmartsSM:
Microbranding

Jon Perry and Vanessa Lang
888QuikRate.com

Reserve accounts and processor meltdowns

Adam Atlas
Attorney at Law

Digging into PCI - Part 3:
Protecting stored cardholder data

Tim Cranny
Panoptic Security Inc.

A practiced approach

Jeff Fortney
Clearent LLC

Revving up business with profit-controlled marketing

Daniel Wadleigh
Marketing Consultant

Company Profile

Payvision

New Products

Gateway as a service

paymentAccess
paymentAccess

First Data's new dynamic duo

First Data Secure Transaction Management
First Data Corp.

Inspiration

Little actions add up

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

October 12, 2009  •  Issue 09:10:01

previous next

Two companies, two new security departments

Providing comprehensive security for cardholder data from the point of swipe to transaction settlement is of utmost importance to the payments industry. To that end, information technology (IT) and security experts are working to implement promising solutions such as end-to-end data encryption; ISOs and merchant level salespeople are endeavoring to help merchants achieve compliance with the Payment Card Industry Data Security Standard.

Recently, POS terminal manufacturer VeriFone and managed security services provider (MSSP) Gladiator Technology each formed internal security departments to strengthen their compliance offerings through development and implementation of enhanced solutions, as well as to educate payment professionals and merchants on the latest security threats.

Shielded from threats

VeriFone's Global Security Solutions business unit will focus on sales, consulting and implementation of its VeriShield Protect and VeriShield Retain solutions in conjunction with the company's POS devices. It is also charged with developing and delivering end-to-end encryption.

"To effectively protect cardholder data against current and future threats, complete security solutions must span both merchant and processor systems," said VeriFone Chief Executive Officer Doug Bergeron.

"The global focus of this business unit will ensure that all our customers are able to take advantage of these solutions throughout their entire operations."

Jeff Wakefield, former Vice President of Marketing for VeriFone's Integrated Systems business, was named General Manager and Vice President of the new business unit. "The most important aspect of any security solution is the one that brings the most benefit to both merchants and customers," Wakefield said.

"So this group is going to focus on our security solutions and will be an overlay organization over our existing sales channels."

Wakefield believes educating not only clients but also sales and marketing is critical to success. "With any new technology, if somebody doesn't fully understand it or can't answer all the questions about it, it's probably not something a sales agent will try to sell first - and that lack of knowledge certainly won't entice a potential merchant," he said. "We're going to focus on expanding that knowledge base and changing that mindset."

The cutting edge

The Security Research Department at Gladiator, a division of Jack Henry & Associates Inc., was created to foster continued growth of IT services and contribute to the security-related education of its clients. The SRD uses Gladiator's malware network to analyze new attack methods, share that information with payment professionals and help facilitate effective response strategies to protect clients from today's security threats.

"We started the SRD because we wanted to stay on the cutting edge of new attack methods and new malware variants," said Matt Riley, Director of Software Engineering for Gladiator.

"We wanted to understand these new attack vectors being used to target organizations.

"With the SRD, we thought we could bring additional knowledge to the industry to better protect their nonpublic information and critical assets. The information security realm is changing so rapidly that it's hard to keep up with new threats and vulnerabilities."

A sweet diversion

The SRD's main objective is to discover new malware variants and attack methods, but it also uses Gladiator's malicious software network, which is a series of "honey pots" that constantly monitor attacks and prevent cyber criminals from hacking into data networks. A honey pot is software that mimics different types of servers and entices fraudsters to launch attacks against what they believe to be legitimate networks or servers. The honey pot captures and logs attacks, allowing Gladiator to "reverse engineer" that file to see what type of attack it was and where it came from.

But, according to Riley, that is really only half of the solution: The rest is up to the client. "We pride ourselves on helping financial institutions of all sizes stay abreast of the newest threats and attack vectors, but ultimately what we tell our customers is that you can't outsource responsibility," Riley said. He pointed out that even if a company outsources its security to an MSSP like Gladiator, it still has to have the policies, procedures, risk and vulnerability assessments and scans in place. "But at the SRD we understand the regulatory requirements that govern payment processors and what kind of scrutiny organizations are under, so we can provide the necessary services and support to help them meet all the security mandates and guidelines," he said.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems