ControlScan Inc. has acquired a company with a product designed to help merchants comply with Payment Card Industry data security standards.

The Atlanta-based security services vendor purchased CRE Secure, a white-label payments page provider, the companies announced May 9. Terms were not disclosed.

Independent sales organizations can offer the CRE product to clients, ControlScan CEO Joan Herbig tells PaymentsSource. ISOs on the company’s advisory board expressed enthusiasm for the product during a briefing at the recent Electronic Transactions Association Annual Meeting & Expo, she says.

“The combination of ControlScan and CRE Secure is a natural fit that provides increased value for our current ISO, acquirer and processor partners who are looking for a full suite of PCI compliance and security [products] for their merchants,” Herbig says.

About 18 months ago, CRE developed a payments page that it designs to fit in with the look of merchants’ ecommerce sites, Kevin Lee, CRE president and CEO, tells PaymentsSource.

The page eases merchants’ PCI requirements because it resides on the vendor’s server, protecting the merchant from the risk of a breach, Lee says.

In effect, merchants enjoy “the best of both worlds” because they maintain a consistent look on their sites and may still protect cardholders’ personal data from criminal hackers seeking to use it for fraudulent purchases, he says.

A jarring transition to a payment page that does not resemble the rest of the site can raise security concerns with online shoppers and cause them to abandon the purchase, Herbig notes.

ControlScan has not decided whether it will continue to use the CRE name or rebrand the product, Herbig says. Most CRE employees will move to jobs with ControlScan, she notes.

The acquisition makes sense because security vendors should expand their offerings beyond helping companies comply with PCI standards, consultant Paul Martaus of Mountain Home, Ark.-based Martaus & Associates tells PaymentsSource.

Visa Inc. last year announced incentives designed to encourage merchants and issuers to adopt the EMV chip card standard (see story). 

One of the lures Visa offers merchants is the opportunity to bypass costly annual audits to comply with the Payment Card Industry Data Security Standard beginning this fall if at least 75% of a merchant's Visa transactions originate from chip-enabled terminals.

“The more astute PCI-related companies out there are looking for a way to survive the upcoming transition to EMV cards,” Martaus says. “Visa has made it quite clear the magnetic stripe access device is out of focus and soon to be a thing of the past.”

Meanwhile, the switch to EMV will make the CRE product more valuable because fraud likely will shift to card-not-present online transactions as magnetic stripe cards disappear, says Herbig.


What do you think about this? Send us your feedback. Click Here.




Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry