t the age of 24, Tim Cranny, founder and Chief Executive Officer of Panoptic Security Inc., began his professional life as a mathematics professor in Australia.
But after eight years, he wanted a change, one that would allow him to use his expertise in security technology and expert systems (computer applications performing tasks that would otherwise be carried out by human experts).
In 2004, he obtained a green card and moved to the United States. During his acclimation to U.S. culture, Cranny familiarized himself with the Payment Card Industry (PCI) Data Security Standard (DSS) and immediately recognized a problem area.
"I realized one of the problems with security is that it demands expertise of people who simply don't have it," he said.
"PCI compliance has been dreadful, especially with the smaller level 3 and 4 merchants who have almost a 'don't ask, don't tell' policy.
"But the security demands on even the smallest merchants have changed dramatically; no longer is it just the concern of large organizations."
Merchants, ISOs on the spot
In March 2008, Cranny launched Panoptic, a Web-based business designed specifically to address the security needs of small merchants, assist them in meeting compliance requirements, and guide them through completion of the PCI Standard Assessment Questionnaire (SAQ).
"Security is growing in scope and importance, which means these small merchants and ISOs are in the crosshairs," Cranny said.
"Many can't afford to have a security staff or even an IT [information technology] person. They are trying to build a portfolio and have neither the time nor the wherewithal to become PCI experts.
"At Panoptic we hold the hand of the merchant. We guide them through the entire process, complete their SAQs for them, and generate a detailed, customized remediation plan at no cost. If you fail any of the requirements, we then sell inexpensive packages to help you fix the problem. We try to keep costs low; use the word 'thousands,' and you've forever lost the small merchant."
PCI as a revenue source
Panoptic also makes PCI compliance a revenue source for ISOs, Cranny said. ISOs that send merchants to Panoptic for security solutions get 35 percent of the income generated from those referrals.
The company can also underwrite integrated risk assessments for ISOs; it shares 40 percent of that revenue with ISOs that refer those customers.
Cranny said he designed security technology that had not previously existed, allowing merchants to meet PCI requirements efficiently and thoroughly at a low cost.
He avoids a "cookie cutter" approach by tailoring security solutions to each specific merchant. And Panoptic provides its customers hands-on assistance should a security breach, audit or other data security issue arise.
"Small merchants can no longer ignore PCI and hope nothing bad happens," he said. "Going into a PCI audit without us is like walking into an IRS audit without an accountant.
"We essentially plug into your corporate structure; we become part of your management team; and we take on all the PCI issues you used to worry about, because at the end of the day we're out to protect consumers' and merchants' information."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.