GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Healthcare, the next big market for electronic payments

Patti Murphy
ProScribes Inc.


Industry Update

Small banks push for fair share of breach settlements

Digital financial services explored in global meet-up

Is the domino effect accelerating Apple Pay adoption?

Information sharing companies join forces to fight cybercrime celebrates 10 years


Are merchants technology ready?

Nipping mobile fraud in the bud


Real-time chat, big-time payments issues

Dale S. Laszig
DSL Direct LLC


Street SmartsSM:
Controversial questions and answers - Part 1

Jeffrey I. Shavitz
Affinity Solutions Inc.

What to look for in a POS solutions provider

Manan Mehta
POSsible POS Inc.

ISO legal blunders

Adam Atlas
Attorney at Law

Networking tips to grow your business

Michael Gavin

Company Profile

Global Processing Systems


New Products

Generosity in a new type of jar

DipJar Inc

Automated pen-testing, PAN scanning

Cyber Attack Readiness ToolKit
Conformance Technologies


Watering the good seeds


Readers Speak

GS Books Notes

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

May 25, 2015  •  Issue 15:05:02

previous next

New Products

Automated pen-testing, PAN scanning

Product: Cyber Attack Readiness ToolKit

Conformance Technologies, a business compliance management and data protection services company headquartered in Las Vegas has created the Cyber Attack Readiness ToolKit. The simplified and automated resource is designed to help small and midsize merchants meet a new set of guidelines issued in April 2015 by the PCI Security Standards Council, which mandate penetration and PAN (performance assessment network) testing for this group of merchants, who were previously excluded from the requirement.

Payment Card Industry (PCI) Data Security Standard (DSS) 3.1 Requirement 11.3 clarifies the intent of penetration testing, which, the standard states, is designed to "verify that all out-of-scope systems are segmented (isolated) from systems in the [cardholder data environment] CDE." Merchants of all sizes have been instructed to move away from flawed SSL and TLS protocols and provide exacting detail on how they will update and secure online processing systems.

Conformance Technologies President Darrel Anderson described PCI 3.1 Requirement 11.3 as more prescriptive and specific than previous versions, which can be daunting for small merchants. Anderson pointed out that many small business owners have little understanding of how to comply with the new PCI guidelines, and they lack the means or budget to hire an outside consultant to perform these tests or to do the testing in-house.

Affordable, high quality validation and compliance

"I wanted to give merchants the same high quality compliance report that meets all requirements, passes all standards, where merchants can be tested and validated by an external authority, for considerably less," Anderson said. He and his team of security analysts created a secure and self-directed online portal with clear language and a simplified user interface, he noted.

Merchants can enter relevant data at their own pace, which is then forwarded to Conformance Technologies' security specialists for analysis and validation. This data is manually tested by professional security engineers whose responsibility it is to expose inherent vulnerabilities or threats in merchants' online processing environments.

Compliance resource, educational benefits

According to Conformance Technologies, in addition to helping merchants achieve compliance, the Cyber Attack Readiness ToolKit is an educational resource that simulates cyber attacks that merchants face every day in their real-world processing environments. And understanding the nature of these attacks can help merchants take proactive measures to strengthen and secure their processing systems.

Anderson recommended the Cyber Attack Readiness ToolKit as a resource for ISOs and merchant level salespeople for protecting their merchants, many of whom could lose their businesses in the wake of a security data breach. "That's why putting the Cyber Attack Readiness ToolKit to work is important, not only for these businesses, but for merchant portfolio operators as well," he said.

Website: Contact:

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Board Studios