When something is amiss at a location relying on tight security, officials often immediately implement a systems “lock down.” Imagine the same scenario on a merchant’s payment system, and one can start to understand how PaySecure software works.
Payment network services provider Phoenix Managed Networks and cloud-based network management company Mako Networks Ltd. completed an agreement March 1 to provide PaySecure to acquirers and processors looking to provide brick-and-mortar retail merchants with a payment security and Payment Card Industry data security standards compliance system that is less complex than trying to piecemeal an in-store network.
PaySecure addresses card-data security in a retail market where payment-network technology has expanded much faster than most merchants can grasp, Alan Stephenson-Brown, director of United Kingdom operations for Reston, Va.-based Phoenix Managed Networks, tells PaymentsSource.
“As technology expanded, many merchants went from a dial-in network to broadband, and there are PCI data-security issues that come with that, whether the payment system is personal computer-based or through Wi-Fi,” Stephenson-Brown says.
Phoenix often finds merchants unaware that payment data move through or are stored on “low-security networks” at their businesses, Stephenson-Brown notes.
“Banks and processors have to educate merchants, as things move quickly from standalone systems to broadband, and we believe that makes it a good time to integrate security software,” he adds.
That’s where Phoenix’s agreement with Auckland, New Zealand-based Mako Networks and the development of PaySecure comes into play.
PaySecure simplifies the key elements of PCI compliance by using a preconfigured template for merchants to follow and monitor for enforcement and firewall and security protocols that can sense intruders, Chris Nation, Mako commercial manager of Europe, tells PaymentsSource.
Besides protecting data by ensuring encryption from the payment terminal until the information leaves the network for authorization, PaySecure automatically locks down the system firewall/router if an unauthorized person attempts to enter or change system parameters, Nation explains.
Provided by Mako, the firewall/router protects the payment system from online attacks by creating a barrier between card data and the merchant’s nonpayment systems in accordance with PCI data-security standards, Nation adds. In addition, PaySecure allows the merchant to direct payment data only to a trusted host or payment gateway, he notes.
Because Phoenix authenticates each payment terminal for each individual merchant site, if a hacker tries to introduce a fake terminal into the system, PaySecure locks down and blocks the connection, Nation says.
PaySecure alerts the merchant and payment-gateway provider with messages to authorized computers as soon as the software spots a nonapproved device in the system. Because PaySecure is cloud-based, Mako provides any needed terminal adjustments electronically in a matter of minutes, and merchants are not required to complete any new configuration at their site, Nation explains.
“If a merchant were to ask if he really needed our system, and our answer was somehow no, we’d at least want them to understand that PaySecure represents the expertise that merchants lack,” Nation says. “That lack of expertise is magnified by the scale of their systems.”
Too many merchants believe that once their systems have established PCI compliance, they can forget about PCI standards, Nation contends. However, merchants should continually monitor and enforce security, especially when converting to broadband systems that hold much more data, he adds.
“PaySecure addresses a majority of the questions asked by qualified security assessors in PCI compliance testing, especially related to compliance at the various portals within a payments system,” Nation suggests.
Because most merchants have a contract with their payment processor to protect stored data, the PaySecure software only protects transaction data in route, not in storage, Stephenson-Brown adds.
“PaySecure would work well for all levels of merchants or banks, but it is mostly designed for brick-and-mortar retail,” Stephenson-Brown notes.
Phoenix and Mako will offer PaySecure to acquirers and processors through direct sales channels or independent sales organizations, charging a flat monthly fee for the service based on the number of terminals at the merchant site.
“PaySecure provides merchants access to new technology and positive steps to make their security and compliance life easier,” Nation adds. “The downside, of course, is there is always an element of confusion for merchants about new technology.”
Stephenson-Brown stresses that Phoenix and Mako are not pitching PaySecure “as a way to make PCI data-security compliance go away.” Rather, PaySecure properly secures a network and provides a much lower risk factor, he adds.
Mako provides the firewall/router, broadband connection and other hardware as needed, but PaySecure also can operate on other cable service providers’ broadband networks, Nation says.
The companies did not disclose financial details of the partnership, stating only in a press release that it represented “a multimillion-dollar agreement.”
Constant updates to PCI standards along with new technology developments add up to a situation in which retail merchants can fall behind regarding payment-network security, Scott Strumello of New York- and London-based Auriemma Consulting Group, tells PaymentsSource.
“It hasn’t reached an overall dangerous level in terms of retailers not being aware because the retail landscape is so diverse, and some businesses are on top of security technology and others are not,” Strumello suggests.
“PaySecure fills a real need for those who have a hard time staying ahead on security technology,” Strumello contends. “If I were running Joe’s Deli, I may find it very challenging to understand data-security technology, and Phoenix and Mako are providing what almost amounts to a plug-and-play service that is really helpful.”
What do you think about this? Send us your feedback. Click Here.