Page 34 - 130902
P. 34
Viewsews
Vi
Tackle risk vectors to improve portfolio performanceackle risk vectors to improve portfolio performance
T
By Ross Fe
By Ross Federgreen, CSRdergreen, CSR payment system, which means thorough evaluation of ayment system, which means thorough evaluation of
p
merchants at boarding is critical – including analyzing
Ed Barton merchants at boarding is critical – including analyzing
Ed Barton, G2 Web Services, G2 Web Services
the risk presented by their online presence. With the
the risk presented by their online presence. With the
R p and message boards, merchants increasingly rely on
shift from phone books and billboards to search engines
shift from phone books and billboards to search engines
i
isk, fraud and compliance are no strangers to the sk, fraud and compliance are no strangers to the
and message boards, merchants increasingly rely on
payments community. Daily procedures address ayments community. Daily procedures address
the Internet to drive new business.
the Internet to drive new business.
i
issues relating to Payment Card Industry (PCI) ssues relating to Payment Card Industry (PCI)
R Data Security Standard (DSS) compliance in addi-Data Security Standard (DSS) compliance in addi-
During merchant boarding due diligence, it is essential
tion to monitoring mer
tion to monitoring merchant and affiliate activities to spot risky chant and affiliate activities to spot risky During merchant boarding due diligence, it is essential
to examine merchants' online risk history, an often
b to examine merchants' online risk history, an often
behavior and overseeing dealings with high-risk entities. Yet ehavior and overseeing dealings with high-risk entities. Yet
overlooked step. A cursory review of a merchant's
often, these procedures are viewed as a cost center, rather than hese procedures are viewed as a cost center, rather than
often, t overlooked step. A cursory review of a merchant's
website at boarding is not enough to protect an
an opportunit website at boarding is not enough to protect an
an opportunity for business growth and cost savings.y for business growth and cost savings.
organization from future financial loss. Analysis
organization from future financial loss. Analysis
should include all aspects of the merchant's online
Easy-to-use tools can enhance scrutiny and reduce risk while y-to-use tools can enhance scrutiny and reduce risk while
Eas should include all aspects of the merchant's online
presence: history of risk and violations of card network
saving time and mone presence: history of risk and violations of card network
saving time and money – and even provide new streams of y – and even provide new streams of
rules, "Whois" records of domain name registration,
re
revenue. venue. rules, "Whois" records of domain name registration,
and risk related to the company's principals, as well
and risk related to the company's principals, as well
as examination of past and present websites to assess
as examination of past and present websites to assess
Facin
Facing increased risk, compliance challengesg increased risk, compliance challenges online service providers for PCI compliance and verify
online service providers for PCI compliance and verify
registration with the card networks.
registration with the card networks.
T
The payments industry has its hands full trying to he payments industry has its hands full trying to
minimize portfolio risk, and payment professionals are folio risk, and payment professionals are
minimize port Access to databases containing merchants' history of
Access to databases containing merchants' history of
tasked wit brand-damaging and illegal behaviors and violations of
tasked with keeping up with an ever-increasing patchwork h keeping up with an ever-increasing patchwork
brand-damaging and illegal behaviors and violations of
of information security legislation. f information security legislation.
o
card network rules can augment the traditional boarding
card network rules can augment the traditional boarding
process, allowing compliance professionals to more
process, allowing compliance professionals to more
C
Currently, 99 countries have data privacy laws. Forty-six urrently, 99 countries have data privacy laws. Forty-six accurately predict prospective merchants' future risk.
accurately predict prospective merchants' future risk.
states
states have data breach laws and 22 states have additional have data breach laws and 22 states have additional This can help ISOs and acquirers reduce the likelihood
This can help ISOs and acquirers reduce the likelihood
data pr of receiving costly fines and assessments and improve
data protection legislation. Compliance gets more complex otection legislation. Compliance gets more complex
of receiving costly fines and assessments and improve
w
when considering the breadth of federal legislation, like hen considering the breadth of federal legislation, like merchant retention rates. Also, they can be completed
merchant retention rates. Also, they can be completed
t the Gramm-Leach-Bliley Act and the Drivers Privacy he Gramm-Leach-Bliley Act and the Drivers Privacy quickly and with minimal additional spend.
quickly and with minimal additional spend.
P
Protection Act, as well as industry rules and regulations rotection Act, as well as industry rules and regulations
l like MasterCard Worldwide's Business Risk Assessment ike MasterCard Worldwide's Business Risk Assessment
&
& Mitigation (BRAM) program, the Visa Inc. Global Brand Mitigation (BRAM) program, the Visa Inc. Global Brand 2. Persistent monitoring of websites for g of websites for
2. Persistent monitorin
P
Protection Program (GBPP), and the familiar PCI DSS.rotection Program (GBPP), and the familiar PCI DSS. compliancepliance
com
I
It is also important to monitor merchants' online t is also important to monitor merchants' online
Usin b
Using tools to protect and improve profitsg tools to protect and improve profits
behavior. While a merchant may be selling compliant ehavior. While a merchant may be selling compliant
goods or services at boar
goods or services at boarding, within hours or days, ding, within hours or days,
Research indicates that state-of-the-art security tools esearch indicates that state-of-the-art security tools
R
and services that require no bandwidth can increase d services that require no bandwidth can increase
an t that same merchant could switch to selling items that hat same merchant could switch to selling items that
put acquirers and ISOs at risk for hefty compliance ut acquirers and ISOs at risk for hefty compliance
n p
nontransactional revenues up to 30 percent while making a ontransactional revenues up to 30 percent while making a
assessments and
big difference in efficiencies and outcomes for acquirers and assessments and legal penalties. legal penalties.
big difference in efficiencies and outcomes for acquirers and
ISOs.
ISOs.
With new illegal goods and substances emerging on th new illegal goods and substances emerging on
Wi
a near daily basis, and ever more elusive "bad actors" ly basis, and ever more elusive "bad actors"
a near dai
For instance, deeper evaluation of prospective merchants
For instance, deeper evaluation of prospective merchants
going to elaborate lengths to disguise their wares, oing to elaborate lengths to disguise their wares,
can improve decision-making and reduce risk. Merchant g
can improve decision-making and reduce risk. Merchant
i
monitoring for fraud and compliance can be done
monitoring for fraud and compliance can be done it can be difficult to stay on top of the latest trends t can be difficult to stay on top of the latest trends
i
continuously and more extensively. Providing a solution in counterfeit goods, illegal drugs and other illicit n counterfeit goods, illegal drugs and other illicit
continuously and more extensively. Providing a solution
i
that enables merchants to quickly report data loss and
that enables merchants to quickly report data loss and industries. For example, a merchant selling "bath salts" ndustries. For example, a merchant selling "bath salts"
or "plant food" may in fact be selling synthetic cocaine, y in fact be selling synthetic cocaine,
breaches to all appropriate authorities gives acquirers and or "plant food" ma
breaches to all appropriate authorities gives acquirers and
w
ISOs another no-fuss revenue opportunity. which is illegal and against card network rules. hich is illegal and against card network rules.
ISOs another no-fuss revenue opportunity.
A monitoring provider that is well versed in all card
A monitoring provider that is well versed in all card
Here are three scenarios in which security services
Here are three scenarios in which security services
network rules and that works closely with federal
differentiate acquirers and ISOs, improve customer
differentiate acquirers and ISOs, improve customer network rules and that works closely with federal
agencies, as well as with nongovernmental and
retention and preserve revenue: agencies, as well as with nongovernmental and
retention and preserve revenue:
industry organizations, can identify risky merchant
industry organizations, can identify risky merchant
website content that may otherwise be difficult to spot,
website content that may otherwise be difficult to spot,
1
saving payment providers from major financial loss
1. Merchant risk analysis at boarding. Merchant risk analysis at boarding saving payment providers from major financial loss
and brand damage.
and brand damage.
M
Merchant risk begins at the entry point into the erchant risk begins at the entry point into the
344
3
Vi
Tackle risk vectors to improve portfolio performanceackle risk vectors to improve portfolio performance
T
By Ross Fe
By Ross Federgreen, CSRdergreen, CSR payment system, which means thorough evaluation of ayment system, which means thorough evaluation of
p
merchants at boarding is critical – including analyzing
Ed Barton merchants at boarding is critical – including analyzing
Ed Barton, G2 Web Services, G2 Web Services
the risk presented by their online presence. With the
the risk presented by their online presence. With the
R p and message boards, merchants increasingly rely on
shift from phone books and billboards to search engines
shift from phone books and billboards to search engines
i
isk, fraud and compliance are no strangers to the sk, fraud and compliance are no strangers to the
and message boards, merchants increasingly rely on
payments community. Daily procedures address ayments community. Daily procedures address
the Internet to drive new business.
the Internet to drive new business.
i
issues relating to Payment Card Industry (PCI) ssues relating to Payment Card Industry (PCI)
R Data Security Standard (DSS) compliance in addi-Data Security Standard (DSS) compliance in addi-
During merchant boarding due diligence, it is essential
tion to monitoring mer
tion to monitoring merchant and affiliate activities to spot risky chant and affiliate activities to spot risky During merchant boarding due diligence, it is essential
to examine merchants' online risk history, an often
b to examine merchants' online risk history, an often
behavior and overseeing dealings with high-risk entities. Yet ehavior and overseeing dealings with high-risk entities. Yet
overlooked step. A cursory review of a merchant's
often, these procedures are viewed as a cost center, rather than hese procedures are viewed as a cost center, rather than
often, t overlooked step. A cursory review of a merchant's
website at boarding is not enough to protect an
an opportunit website at boarding is not enough to protect an
an opportunity for business growth and cost savings.y for business growth and cost savings.
organization from future financial loss. Analysis
organization from future financial loss. Analysis
should include all aspects of the merchant's online
Easy-to-use tools can enhance scrutiny and reduce risk while y-to-use tools can enhance scrutiny and reduce risk while
Eas should include all aspects of the merchant's online
presence: history of risk and violations of card network
saving time and mone presence: history of risk and violations of card network
saving time and money – and even provide new streams of y – and even provide new streams of
rules, "Whois" records of domain name registration,
re
revenue. venue. rules, "Whois" records of domain name registration,
and risk related to the company's principals, as well
and risk related to the company's principals, as well
as examination of past and present websites to assess
as examination of past and present websites to assess
Facin
Facing increased risk, compliance challengesg increased risk, compliance challenges online service providers for PCI compliance and verify
online service providers for PCI compliance and verify
registration with the card networks.
registration with the card networks.
T
The payments industry has its hands full trying to he payments industry has its hands full trying to
minimize portfolio risk, and payment professionals are folio risk, and payment professionals are
minimize port Access to databases containing merchants' history of
Access to databases containing merchants' history of
tasked wit brand-damaging and illegal behaviors and violations of
tasked with keeping up with an ever-increasing patchwork h keeping up with an ever-increasing patchwork
brand-damaging and illegal behaviors and violations of
of information security legislation. f information security legislation.
o
card network rules can augment the traditional boarding
card network rules can augment the traditional boarding
process, allowing compliance professionals to more
process, allowing compliance professionals to more
C
Currently, 99 countries have data privacy laws. Forty-six urrently, 99 countries have data privacy laws. Forty-six accurately predict prospective merchants' future risk.
accurately predict prospective merchants' future risk.
states
states have data breach laws and 22 states have additional have data breach laws and 22 states have additional This can help ISOs and acquirers reduce the likelihood
This can help ISOs and acquirers reduce the likelihood
data pr of receiving costly fines and assessments and improve
data protection legislation. Compliance gets more complex otection legislation. Compliance gets more complex
of receiving costly fines and assessments and improve
w
when considering the breadth of federal legislation, like hen considering the breadth of federal legislation, like merchant retention rates. Also, they can be completed
merchant retention rates. Also, they can be completed
t the Gramm-Leach-Bliley Act and the Drivers Privacy he Gramm-Leach-Bliley Act and the Drivers Privacy quickly and with minimal additional spend.
quickly and with minimal additional spend.
P
Protection Act, as well as industry rules and regulations rotection Act, as well as industry rules and regulations
l like MasterCard Worldwide's Business Risk Assessment ike MasterCard Worldwide's Business Risk Assessment
&
& Mitigation (BRAM) program, the Visa Inc. Global Brand Mitigation (BRAM) program, the Visa Inc. Global Brand 2. Persistent monitoring of websites for g of websites for
2. Persistent monitorin
P
Protection Program (GBPP), and the familiar PCI DSS.rotection Program (GBPP), and the familiar PCI DSS. compliancepliance
com
I
It is also important to monitor merchants' online t is also important to monitor merchants' online
Usin b
Using tools to protect and improve profitsg tools to protect and improve profits
behavior. While a merchant may be selling compliant ehavior. While a merchant may be selling compliant
goods or services at boar
goods or services at boarding, within hours or days, ding, within hours or days,
Research indicates that state-of-the-art security tools esearch indicates that state-of-the-art security tools
R
and services that require no bandwidth can increase d services that require no bandwidth can increase
an t that same merchant could switch to selling items that hat same merchant could switch to selling items that
put acquirers and ISOs at risk for hefty compliance ut acquirers and ISOs at risk for hefty compliance
n p
nontransactional revenues up to 30 percent while making a ontransactional revenues up to 30 percent while making a
assessments and
big difference in efficiencies and outcomes for acquirers and assessments and legal penalties. legal penalties.
big difference in efficiencies and outcomes for acquirers and
ISOs.
ISOs.
With new illegal goods and substances emerging on th new illegal goods and substances emerging on
Wi
a near daily basis, and ever more elusive "bad actors" ly basis, and ever more elusive "bad actors"
a near dai
For instance, deeper evaluation of prospective merchants
For instance, deeper evaluation of prospective merchants
going to elaborate lengths to disguise their wares, oing to elaborate lengths to disguise their wares,
can improve decision-making and reduce risk. Merchant g
can improve decision-making and reduce risk. Merchant
i
monitoring for fraud and compliance can be done
monitoring for fraud and compliance can be done it can be difficult to stay on top of the latest trends t can be difficult to stay on top of the latest trends
i
continuously and more extensively. Providing a solution in counterfeit goods, illegal drugs and other illicit n counterfeit goods, illegal drugs and other illicit
continuously and more extensively. Providing a solution
i
that enables merchants to quickly report data loss and
that enables merchants to quickly report data loss and industries. For example, a merchant selling "bath salts" ndustries. For example, a merchant selling "bath salts"
or "plant food" may in fact be selling synthetic cocaine, y in fact be selling synthetic cocaine,
breaches to all appropriate authorities gives acquirers and or "plant food" ma
breaches to all appropriate authorities gives acquirers and
w
ISOs another no-fuss revenue opportunity. which is illegal and against card network rules. hich is illegal and against card network rules.
ISOs another no-fuss revenue opportunity.
A monitoring provider that is well versed in all card
A monitoring provider that is well versed in all card
Here are three scenarios in which security services
Here are three scenarios in which security services
network rules and that works closely with federal
differentiate acquirers and ISOs, improve customer
differentiate acquirers and ISOs, improve customer network rules and that works closely with federal
agencies, as well as with nongovernmental and
retention and preserve revenue: agencies, as well as with nongovernmental and
retention and preserve revenue:
industry organizations, can identify risky merchant
industry organizations, can identify risky merchant
website content that may otherwise be difficult to spot,
website content that may otherwise be difficult to spot,
1
saving payment providers from major financial loss
1. Merchant risk analysis at boarding. Merchant risk analysis at boarding saving payment providers from major financial loss
and brand damage.
and brand damage.
M
Merchant risk begins at the entry point into the erchant risk begins at the entry point into the
344
3
