Security and compliance are still daunting issues for merchants. Phoenix Managed Networks hopes to ease this pain by offering its network security product to "hundreds of thousands" of merchants through a new partnership with Sysnet Global Solutions.
Sysnet will offer the Phoenix service as a private-label Payment Card Industry data security compliance product to its processing and acquirer clients, who in turn will offer the security protection to their merchants around the world, the companies announced this week.
Earlier this year, Phoenix, a Reston, Va.-based payments network services provider, unveiled its firewall protection, previously called PaySecure, as a key component of its security service. Phoenix partnered with Mako Networks Ltd. to offer PaySecure as a cloud-based product.
Sysnet, an Irish company that operates as a PCI qualified security assessor, recently began marketing its compliance services to banks, acquirers and processors who work with merchants to establish secure payments networks, says Paul Prior, chief product officer at Sysnet.
"PCI standardized much in payments, but it also introduced some complexity, especially for the smaller retailers," Prior says. "The partnership with Phoenix really addresses" the need to clarify compliance issues.
Merchants without information technology personnel need the firewall protection and a service provider to help them monitor their payments networks, says Alan Stephenson-Brown, director of United Kingdom operations for Phoenix.
"We have the answers for network security, protecting the perimeter of the system, but we are not replacing anything the merchant does internally for security," Brown says. "If they have other security components in place, we encourage them to keep them."
When Sysnet resells the product to acquirers, it makes it more palatable to the merchants.
"The merchant has a certain degree of comfort when the technology is coming from his acquirer or processor because he knows they have a vested interest in the security of the payments network," Prior says. "The more transactions that go through the network, the more success for everyone."
The firewall protection addresses various aspects of a merchant's network that can cause vulnerabilities, Prior says. "Many times an employee will pull a new device out of a box and plug it into the system, but not change the network security for that device," he says.
Employees can forget to change default passwords, making it easier for the system to be compromised, Prior says.
In addition, most smaller retail businesses do not have proper firewall maintenance processes in place to close off ports that hackers can use to slip in malware, he says.
The Phoenix firewall protection service "takes away all of those concerns" from the merchant, Prior says.
Merchants are wise to have a strong firewall or perimeter security for their networks to complement various security layers within the network, says Julie Conroy McNelley, senior analyst and fraud expert with Boston-based Aite Group.
"But you can't rely on perimeter defense alone," she adds. "You have to have all of the appropriate controls in the network, too."
McNelley agrees with Prior's assessment that retailers unwittingly open the door to hackers when making hardware additions or software changes to their network.
"Payments networks are very complex and if you change anything without adjusting the network [security], it just creates more opportunities for hackers," she says.
Phoenix charges Sysnet a flat rate for the service, allowing Sysnet to establish its own rates to resell the product to processors and acquirers, who may in turn use an independent sales organization, Brown says.
The service "manages connectivity" for brick-and-mortar retailers who connect a retail point-of-sale system to the Internet, as opposed to the older method of hooking into a phone line, and for those making a first connection to the Web-based cloud service, Brown says.
"When that first connection to the cloud is made, we have to be certain all of the configurations with the firewall are secure," he adds.
The firewall protection automatically locks down a system if a vulnerable connection is exposed or someone attempts to introduce a new device without proper identification or passwords, Brown says.
After establishing a client base in the UK, Phoenix stated in May it intended to introduce its services in the North American market.
Brown says the company plans to expand its services in the U.S. throughout the year.