How To Sell PCI Security

It's no longer shocking to hear that a retail store has somehow lost the credit card numbers of thousands of its customers. Those types of thefts can cost business thousands of dollars in fines. Cybera's senior vice president of marketing discusses the importance of Payment Card Industry (PCI) security and how solution providers can ensure that customers in the retail and restaurant industries are equipped with a reliable, scalable and secure network solution.—Jennifer Bosavage, editor

Complying with the Payment Card Industry Data Security Standard (PCI DSS), adopted by payment brands such as Visa, MasterCard and American Express to prevent fraud, is imperative for any merchant that stores, processes or transmits credit card information. That includes everyone from the smallest “mom and pop” stores to the largest international retail and restaurant chains.

For IT solution providers, the task of implementing the necessary technology infrastructure and application solutions to meet security and PCI compliance requirements can be daunting, especially if their clients are multi-site businesses such as convenience stores, retail specialty chains and restaurants. Many merchants are not taking the actions necessary to make certain that credit card information is secure. Others are unfamiliar with PCI compliance and how it relates to their businesses.

So, how can you familiarize merchants with PCI security and the steps required to ensure that they are equipped with a reliable, scalable and secure network solution? How can they avoid having one of the 10 biggest data breaches in 2011?

For starters, it is of the utmost importance that both your current and potential customers are aware of the downsides of data breaches.

Sponsored post

All merchants are mandated by the payment card brands to implement security controls to comply with the PCI DSS or face the risk of fines, lawsuits, lost customers, brand damage or even losing the ability to process credit cards. Without compliance, if a merchant has credit card information stolen, PCI related fines can be as high as $500,000 per incident.

VARs' customers must understand the breadth of the PCI DSS as there are a number of different security technologies required to completely address all requirements. Understanding the merchants’ ability to address their security needs through assembling point solutions vs. implementing a comprehensive solution suite is another critical aspect of selling PCI security solutions.

When a merchant has a proficient IT organization that is knowledgeable in security and compliance, they may be able to handle the integration and management of multiple point solution vendors themselves. However, when a merchant has a limited IT staff focused on store applications and business operations (as opposed to security and compliance), they will more likely be interested in a comprehensive solution from a single solution provider.

Our experience shows most “big box” merchants—for example, Walmart—have substantial IT organizations and prefer to assemble their own security solutions. However, for a “small box” merchant, such as 7-Eleven convenience stores, there is often no security expertise or very limited staff available to address compliance requirements. These small box merchants require a managed solution that fully addresses their PCI and security needs. The distributed enterprises of this segment that are affiliated with a common brand are often interested in a standardized and comprehensive solution which can be easily deployed at all branded lcoations. When selling to the “small box” segment, you will want to make sure that they understand all the separate technologies they will have to integrate and all the multiple vendors they will have to manage. The bottom line is that you must understand the needs of your customer and tailor your solutions to their needs.

It’s also important to emphasize that the right technology can provide a superior experience for customers as well as enable secure, fast transaction processing to maintain a competitive edge. Traditionally, with the introduction of each new application, merchants have pieced-together various solution components from multiple providers, resulting in complex, expensive and often ineffective security solutions. That drives higher business costs and consumes staff time with compliance initiatives, rather than business operations and growth. In order to be equipped with a reliable, scalable and secure network solution, merchants will benefit from a complete portfolio of hosted security services. By pulling together all solution components, retailers will have an end-to-end solution that frees them to focus on their core business.

When it comes to PCI DSS compliance, there are three main ways in which a complete portfolio of hosted services meets merchants’ varying needs:

Solution Suite

A comprehensive solution suite means less complexity. Merchants and enterprises must address four critical areas of security to become PCI compliant: Firewall, Wireless IDS, Secure VPN, Security Information and Event Management (SIEM). Addressing each of these needs individually with point solutions drives greater complexity, ultimately slows overall compliance efforts and places greater burdens on the IT staff.

A comprehensive solution eliminates: