GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Unbanked, underbanked - untapped


Industry Update

HR 5546, the downside

Uncle Sam to get slice of payments pie

Private equity giant going public

MWAA meeting goes the distance

PCI on the menu

Scott Henry

Three-step systemization

Biff Matthews
CardWare International


The consulting guru that could

Industry Leader

Linda Perry –
Unfettered spirit, extraordinary success


PCI on the menu

Scott Henry

Three-step systemization

Biff Matthews
CardWare International


Street SmartsSM:
To Capitol Hill we go

Jason Felts
Advanced Merchant Services

Becoming registered

Adam Atlas
Attorney at Law

Check processing diversification: Hop aboard

Christian Murray
Global eTelecom Inc.

Invest in trust

Jeff Fortney
Clearent LLC

Web site optimization: A route to talent

Curt Hensley
CSH Consulting

Lead with communication

Daniel Wadleigh
Marketing Consultant

Company Profile

GreenSoft Solutions Inc.

New Products

Keep alert with merchant accounts

Mercury Payment Systems LLC

Turbo charge PCI compliance

TurboPCI Inc.


For better or worse





Resource Guide


A Bigger Thing

The Green Sheet Online Edition

August 11, 2008  •  Issue 08:08:01

previous next

New Products

Turbo charge PCI compliance

Product: TurboPCI

The Payment Card Industry (PCI) Security Standards Council (SSC) has mandated that all businesses that accept plastic must be PCI Data Security Standard (DSS) compliant.

That means global corporations all the way down to mom-and-pop shops must comply with PCI DSS.

But according to Dr. Suzanne Miller, Senior Partner at TurboPCI Inc., a division of Compliance & Audit Group Inc., small businesses, which represent about 95 percent of all merchants in the United States, don't have a clue about PCI DSS.

"A, they have no concept that they need to do this, and, B, if they do, they don't understand it," Miller said.

That is where TurboPCI comes in. It is both an online service and a hardcopy workbook that leads merchants step-by-step through the PCI DSS - not only providing education about what merchants need to do to gain compliancy, but also how to do it.

"For example, one of the [PCI] requirements is that you have an inventory of all media containing cardholder data," Miller said. "So what we've said is step one, look around your business and identify every sheet of paper that has a credit card number on it.

"Determine if you have floppy discs, backup tapes, anything that could contain a credit card number. "Now that you've identified it all, decide if you need to keep it. If you need to keep it, if it's paper, you put it in a container, mark confidential on it and then store it in a lockable closet.

"And then we have a form where they fill out that they have box 1, box 2, box 3, the date that they put it in the storage room."

Similarly, if merchants decide to destroy cardholder data, TurboPCI tells them how to go about it and how to document it.

As a Qualified Security Assessor (QSA) since 2007, TurboPCI understands the burden PCI DSS has placed on ISOs in making sure their merchants reach and maintain PCI compliance.

So TurboPCI also provides reporting features that keep ISOs and acquirers updated on which merchants are compliant and which ones aren't.

"So imagine an ISO that has 10,000 merchants and now they have 10,000 [security assessment] questionnaires sitting on their desk," Miller said. "And they're going to have to report out on all of them? I don't think that's going to happen." TurboPCI is able to sift out the "problem" merchants so acquirers can focus their efforts on them.

Pain point mitigation

Miller's team also understands that acquirers are in "a lot of pain right now," she said, because they don't know how to get all their merchants PCI compliant. So the QSA is offering acquirers a deal.

"If we have a substantial amount of the acquirers' merchants who have signed up for TurboPCI, we provide all of the service to the acquirers at no cost," Miller said. And merchants will be charged less than $100 a year for TurboPCI.

Additionally, Miller said acquirers themselves are required to attain level 1 PCI DSS compliance, which requires a yearly security audit.

The QSA will supply that audit to acquirers free of charge, "if you give us your merchants," Miller said.

TurboPCI Inc.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios