The Green Sheet Online Edition
May 13, 2013 • Issue 13:05:01
Meet The Expert: Ross Federgreen
Ross Federgreen, founder of data security firm CSR, is a busy man. His data security expertise is sought by national and international organizations, such as the United States Senate, the U.S. Agency for International Development and a number of multinational corporations.
As well as being on the advisory board of The Green Sheet, Federgreen is on the board of the International Association of Privacy Professionals and is a member of the Electronic Transactions Association's Data Security Task Force.
That's quite a resume for a man with a background in what at first glance seems like a completely unrelated field: the science of medical economics and health care claims reimbursements.
It was 1999 and Federgreen, who has a doctorate from Yale University, was searching for greener pastures to apply his expertise.
At the top of his industry wish list were waste output, electricity auditing and payments - all regulated industries in which protecting third-party personally identifiable information (PII) is a priority.
Federgreen said he chose payments because "most ongoing regulations are related to payments. Payments are at the core of what is keeping people in business." He thus formed CSR with a straightforward business model - to offer compliance remedies for regulatory headaches.
Help for PCI and SAQs
CSR creates compliance and business solutions to reduce risk and facilitate compliance with data security regulations, such as the Payment Card Industry (PCI) Data Security Standard (DSS).
The company owns what it believes to be the only patented PCI compliance product, called PCI ToolKit, which allows merchants to complete annual PCI DSS self-assessment questionnaires (SAQs) and demonstrate PCI DSS compliance.
The toolkit guides merchants through the SAQ process with simple questions written in layman's terms and focused specifically on the retailer's particular business.
When the program finds an item of noncompliance, weakness or risk, it notifies the merchant of the problem and dispenses remediation instructions and deadlines.
CSR has several more patent applications pending for its compliance solutions. One patent application covers the CSR Breach Reporting ToolKit, a solution to help companies meet federal, state and other regulatory requirements following a system breach and data loss.
CSR also markets an ISO Optimization Program, a consulting service to help ISOs identify organizational weaknesses and improve productivity, save money and reduce risk.
"These are incredibly important value-added services for relationships with ISOs and acquirers," Federgreen said. "These services tend to bring stability to the acquirer relationships.
"We offer more than just payment services. Privacy is a global issue. These products give the merchant and provider and their partners the leading edge in PII issues over time."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.