The Green Sheet Online Edition
February 11, 2008 • Issue 08:02:01
Boardroom to street, security's his beat
Steven Peisner joined the ranks of merchant level salespeople (MLSs) by accident 24 years ago, but his ensuing career has been anything but happenstance. He has scaled the payments industry heights closing deal after deal, as well as founding and shaping companies of his own. Through it all, his quest has been to serve merchants. And right now his passion is fraud prevention and data protection.
Peisner is President of SellitSAFE.com, a Web site dedicated to providing merchants the tools and resources necessary to protect their merchant accounts and bankcard transactions.
In addition, he is the founder of Shared Information Systems, which developed NoChargeBacks.com, an enterprise offering Internet and MO/TO merchants access to cardholders' chargeback histories as a way to prevent fraud or electronic shoplifting.
Peisner, who is on the Electronic Transactions Association's Government Relations Committee, is also a member of the International Association of Financial Crimes Investigators. He is adamant that fraud and identity theft must be eliminated from the payments industry.
Peisner believes integrity, honesty and support are vital to the survival of both his and his merchants' businesses. In this article, he discusses his mission to make the Internet a safer place to sell, his resemblance to a fictional movie character and reveals his greatest success as an agent.
The Green Sheet: You still seem excited about this business after all this time. Why is that?
Steven Peisner: There's just something about this industry. ... I find once people are in it, they don't get out of the business. There are certain people, like Joe Kaplan, who has sold his business twice for millions and is working harder now than he ever was. To this day, no matter what store I walk into, I find myself looking over the counter to see what kind of terminal and printer they have.
I'm not sure of any other business where someone does that. Besides, if the proprietor says something, you've always got your opener: 'Well, I'm in the business ... '
GS: How did SellitSAFE come about?
SP: SellitSAFE was created based on the need of one merchant and his chargebacks. And the rest is history. We exist as another layer of security to give merchants an added layer of protection against fraud.
GS: Where do you get your information, and how might that benefit merchants?
SP: We're not a predictive model, assigning scores to the intangibles of transactions. We're not on a probability model and are not connected to the card Associations. We get our information from sewer systems [data on hard drives users have deleted but can still be found by someone with the right skills], known fraudulent areas, cyberspace, forums, chat rooms, known bad places. We are specifically a data and information supplier.
Even when a card has been compromised, merchants may still get a positive authorization from your processor because the card has not been reported stolen yet. By getting the information before the processor does, I save the merchant the chargeback fee that wipes out the sale, the money that has to be returned by the merchant, as well as the loss of the discount rate or the transaction fee.
Sometimes the best sale you ever make is the sale you didn't make.
GS: It seems impossibly easy to compromise a system.
SP: Well, yes, if they don't keep up with the patches required.
SP: The database list of patches that are needed to remedy software flaws and misconfigurations. This information is available on the National Vulnerability Database, the government repository of data that enables automation of vulnerability, security management and compliance.
The Web site is http://nvd.nist.gov and is used by most software engineers and information technology managers to see what security upgrades are needed for which systems. But hackers have accessibility as well because it's a public Web site. They will write a script, search for Web sites that are using these systems and identify their weaknesses.
GS: How do you stay one step ahead of the hackers?
SP: Depends on what day it is. It's really a constant battle of good and evil. Knowing what they're doing is more important than staying ahead of them. I interview merchants - where they were, when they shopped. Sometimes it is sloppy merchant habits that cause problems. [More often than not] it is a lack of education.
We need to educate merchants that at some level you have to be concerned with PCI DSS [the Payment Card Industry Data Security Standard]. Ninety-nine percent of the time, problems arise due to a weakness in security. But remember, an 8 or 16 gigabyte USB chip can hold up to 100 million bits of information. This makes a strong temptation for potential internal employee problems. That one chip can hold a lot of credit card info.
GS: Why are chargebacks so detrimental?
SP: Chargebacks are one of the biggest concerns an Internet or MO/TO merchant faces. This is why we are always on the lookout for ways of reducing the possibility of an item being charged back. It is important for merchants to understand that they are exposed to the highest risk for chargebacks and fraud. Issuing banks usually side with cardholders, who are liable for only a nominal amount. It is the merchant who ends up paying the losses associated with charges made from transactions where identity theft has occurred. Merchants may even end up paying fines for chargebacks and can lose their merchant accounts if chargeback problems are not controlled.
GS: How do electronic shoplifters commit fraud?
SP: They use the same technology that allows merchants to conduct business online and, in some cases, with total anonymity. This is especially true for businesses selling soft goods (nonphysical products), online subscriptions or memberships, or other services where delivery is made to an e-mail address as opposed to a physical address.
GS: How do they access this information?
SP: With hundreds of free, Web-based or e-mail forwarding addresses available, an electronic shoplifter can obtain stolen credit card numbers and have a stolen identity within minutes.
These fraudsters engage in online spending until it is discovered or the stolen card is maxed out on its limit.
Merchants are 100% financially responsible for fraudulent transactions, while the cardholder has a maximum liability of $50 dollars per occurrence.
GS: How prevalent is this phenomenon, and how fast can it happen?
SP: In the time it has taken to read this article so far, merchants will have suffered nearly $25,000 in credit card fraud losses due to transactions being processed in which identities were compromised. I always tell merchants to be more aware and err on the side of caution.
GS: Why are merchants so susceptible to identity theft?
SP: Because there are no regulations in place to protect the merchant. There are federal regulations that protect the consumer, but it's the merchant who pays for identity theft. SellitSAFE has security systems in place that can shut cards off before fraud is committed, and merchants aren't stuck with chargeback losses as well as interest and late fees.
[We] have developed proprietary methods to gather compromised data from a variety of sources all over cyberspace to protect the merchant. We can also identify specific businesses that have problems. In the end, it's all about protecting the merchant.
GS: Are there any obstacles in the way of creating a system that better protects merchants?
SP: The big thing that is setting us back, the place where everyone's main focus is right now, is PCI compliance. The chargeback losses are nominal compared to the six- and seven-figure fines that can be assessed to companies that are not PCI compliant.
Huge corporations are even granted leniency on their chargeback losses. 'So what, it's a couple of cardholders', one might hear, but in reality it is much more than a couple of cardholders.
GS: Are the PCI provisions in the United States sufficient, and how good is compliance overseas?
SP: I think there's still a long way to go, especially with smaller merchants. I think they just don't get it, that in their perspective it's too costly. The larger merchants are working towards compliance even at the expense of chargeback losses. The fines for being noncompliant far outweigh the money lost on fraud.
I was traveling in Italy and France. It's unbelievable how archaic Europe still is. I was finding full card numbers with expiration dates and, in some cases, the merchant's account number. Everyone will eventually be PCI compliant, but there is a lot of data out there, and securing it is the key.
GS: How much more prevalent is identity theft today than it was, say, five years ago?
SP: Well, the numbers say that overall fraud is down, but the numbers are misleading because the transaction volume is up, so of course fraud won't go up proportionately. But the problem is still there, still prevalent. Plus, the technology is making it easier for the bad guys.
GS: If you could change anything about this business, what would it be?
SP: Right now, today, I would not allow interchange to be given away by a company like Google just because they can afford the loss and make it up somewhere else. Interchange is the basis upon which the industry relies and the ISO is built.
The card Associations will receive their revenue regardless, and since they only see their members, they will not do anything regarding the ISOs or the MLSs. I feel that they should do something to protect those that helped build this industry.
GS: Has anything else in the industry changed since you started?
SP: When I started, signing merchants was like shootin' fish in a barrel. You didn't have to go far to find them. Nowadays you have to walk uphill in the snow both ways at night with sunglasses on and in bare feet to sign a merchant. Today there is a lot more competition.
GS: With that increase in competition, what would an ideal training program consist of?
SP: An overview of how we got here and the sales process - probing, qualifying your prospect/customer, uncovering objections, review, test close, close.
GS: How should MLSs go about choosing an ISO partner?
SP: MLSs should interview their ISO partner the same way they would interview an employee. MLSs know what they are going to do for the ISOs. What are the ISOs going to do for the MLSs? If you don't ask, you won't get.
GS: Do you think all ISOs should be registered?
SP: Yes, to keep the bad guys out.
GS: What is unique about your sales style/method?
SP: Whatever it takes for me to get into a merchant's place, I will do it. ... back door, window, floor board, air vent. That's OK as long as I leave through the front door. Naturally, I don't mean this literally. You have to find the merchant's sweet spot, and you only have a few minutes to do so. Find it fast or you are dead.
GS: What methods do you employ to help ensure account retention?
SP: I try to stay in contact with my customers and with the industry. Industry contacts are as important as merchants, especially if you get referrals from within the industry. It's also critical that I stay on top of the ever-changing industry rules and regulations.
GS: Do you have a surefire way to resolve conflict?
SP: Yeah, I avoid confrontation like George McFly, the dad from the "Back to the Future" movie trilogy. There's always a way to take a positive spin in any situation. And the bottom line is customer service, satisfaction and retention.
GS: What is one of the most powerful things you have learned?
SP: Don't laugh - probably my partner reminding me to say please and thank you when we first worked together in this industry.
GS: What has been one of your greatest successes as an agent?
SP: Breaking the million dollar mark in annual commissions.
GS: How do you explain interchange rates to prospects?
SP: They are aware of it long before I get there. Acquiring Solutions International, of which I am the Vice President, is an ISO that specializes in CNP [card not present] merchant processing.
GS: Why is it important to have a full arsenal of products to offer merchants?
SP: To find the merchants' 'buy' button.
GS: What do you do when it looks like you're on the verge of losing a sale?
SP: I tell the merchant that if there is anything I can ever do or any questions they have, don't hesitate to contact me. I love what I do. Even if we don't get your processing, don't hesitate to call.
GS: What types of merchants do you prefer to work with and why?
SP: CNP, MO/TO and Internet. It just seems that those merchants are so grateful to get the services they need. Today's payment industry requires specialization, finding that niche market - and we have found ours in CNP.
GS: How many merchants are signed up with your new venture?
SP: With SellitSAFE, I am still at this point doing a lot more goodwill in contacting consumers. I still try to pick up the phone and talk to people every day, and I'm still writing business every month on the ISO side.
But I am concerned with all merchants who are losing money on chargebacks and electronic fraud.
Protecting all merchants is why I got into the security side. The legislation is not helping merchants and they need an alternative source for assistance.
GS: Do you participate in GS online's MLS forum?
SP: Yes, and I use my real name too! I just like to help others where and when I can.
GS: Do you have a motto that you live by?
SP: For business - Pigs git fed, hogs git slaughtered. For life: And in the end, the love you take is equal to the love you make.
For success: Keep your eyes and ears open; keep your mouth shut; listen to half of what you hear; and believe half of that. That will keep you a step ahead of everyone else at all times.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.