The Green Sheet Online Edition

July 23, 2007  •  Issue 07:07:02


Data security sells

By Aaron Bills

Online fraud resulting from card data breaches is a serious problem. Forrester Research estimates that data theft costs merchants about $90 to $305 per stolen record. Considering the increase in data compromises and their resultant business impact, merchants must carefully examine the rationale for storing credit card numbers internally.

As ISOs and merchant level salespeople (MLSs), you know merchants need to protect sensitive customer data.

Recent trends indicate many retailers outsource card data storage to third parties. This strategy minimizes the possibility that a security breach or data theft will damage their operations and reputations.

Also, keeping computer systems secure can become too expensive and time-consuming for many companies. Herein lies the opportunity to understand merchant requirements and assess available security options.

The underlying goal is the same: to help your clients avoid creating liability. Act consultatively. And remember, the more card data your customers store internally, the greater the consequences of a breach.

Tips for suave sales

Following are five guidelines to assist your sales process and ensure that you suggest the best remote storage solution for each merchant.

1. Pinpoint the best possible providers

Recommend service providers and solutions that are certified compliant with the Payment Card Industry (PCI) Data Security Standard or Visa U.S.A.'s Payment Applications Best Practices (PABP).

PCI and PABP define the framework for creating an organization's information assurance standard, as well as provide specific technical guidance in key areas.

For a merchant to be considered PCI-compliant, any service providers that store, process or transmit account data on behalf of the merchant must also be compliant. Briefly, the 12 requirements of PCI are split into the following groupings:

Merchants also need to understand their transaction processing volume because the certification/validation level is determined by total transaction volume. You can offer to work with merchants' acquirers; they determine the compliance validation levels for each merchant.

By suggesting that merchants use PCI-compliant solutions provided by security-centric companies, you will help merchants understand the importance of information assurance throughout the industry.

2. Emphasize secure data transfer

Counsel merchants to implement solutions that provide secure transfer of data from merchants to their service providers' remote PCI-certified data centers.

Commonly cited best practices include the following:

3. Offer multiple layers of security

Advocate solutions that offer multiple levels of authentication for accessing stored data. A robust solution should include at least three of the following methods:

The use of multifactor authentication helps ensure that processing of sensitive data is conducted by authorized parties only.

4. Suggest platform neutrality

Direct merchants to establish relationships with vendors offering platform-neutral software design. This cost-effective measure ensures that solutions will work with any host system and lets merchants retain their business processes regardless of changes in operating systems or software applications.

5. Tailor solutions to merchants

Understand merchants' current business processes, and recommend appropriate storage options. For example, merchants primarily in the Web-commerce arena will need systems with real-time card access and transaction processing capabilities.

However, if merchants support recurring invoice payments (such as health club memberships) they may need a blend of real-time and batch data processing/data transfer capabilities.

Often, companies doing repeat billing are vulnerable to security breaches because, historically, they needed bankcard data on hand. However, with the release of new information security and storage capabilities, you can now offer merchants superior solutions.

Aaron Bills is Chief Operating Officer and co-founder of 3Delta Systems Inc. E-mail him at or visit for more information on secure data storage solutions.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
