Page 31 - GS161201
Company Profile

Top-of-the-line data security practices, programs

ISO/MLS contact:
Ross Federgreen
CEO and founder
772-485-9056
rfedergreen@csrps.com
www.csrps.com

Ross Federgreen, Chief Executive Officer and founder of payment and data privacy consultancy CSR Professional Services Inc., frequently finds himself correcting misconceptions about data security. Take the Payment Card Industry Data Security Standard (PCI DSS): "PCI is a misguided concept these days," he said, noting that despite years of outreach and education, many small merchants, whether they realize it or not, are not compliant.

"They check off all the self-certifying boxes, and that's a mistake," he said. "It has absolutely nothing to do with the realities of the world and the big players who spend tens of millions of dollars on very sophisticated systems that still get hacked all the time."

Federgreen also noted that only 4 to 7 percent of breaches are bankcard related; over 90 percent target other types of personally identifiable information (PII), such as birth dates and Social Security, driver's license, and automated clearing house routing numbers.

Payments at the core

Federgreen served as an adviser to the United States Senate, the U.S. Agency for International Development and numerous multinational corporations. When he founded Jensen Beach, Fla.-based CSR in 1999, he was drawn to payments because "payments are at the core of what is keeping people in business," he said. CSR's initial goal, to offer compliance remedies for regulatory headaches, remains relevant today.

CSR offers a range of data privacy and security tools and services for businesses, organizations and even schools. These include the patented CSR Breach Reporting Service, which facilitates timely, accurate PII data breach reporting and consumer notifications; the patent-pending CSR Readiness Suite, a data life cycle management program that provides online risk evaluation, remediation and employee training material related to PII; and Stand-In Privacy Officer (SIPO), which provides comprehensive consulting for midsize and large companies.

Breach reporting

The consequences of not reporting breaches can be drastic, with "very serious dollars" assessed in penalties, Federgreen noted. Additional damages include class-action lawsuits, years of federal oversight, civil and possibly criminal prosecution, and reputational damage and loss of sales, he said.

The CSR Breach Reporting Service provides a single point for clients to call when a breach has been detected. "We report that information to all of the appropriate parties at the federal, state and local levels and to the brand as required based upon what data was stolen," Federgreen said. Companies are under a tight timeline to report breaches, and they "usually don't have the business bandwidth to do it," he added.

Readiness and expert guidance

The CSR Readiness Suite provides online, interactive data risk assessment to identify gaps; risk mitigation tools including an incident response plan; policy templates and best practices; proof of efforts to comply with regulations; 24/7 access to services to maintain data privacy strength; and privacy compliance training.

As data privacy regulations change, many companies will also need to have certified Privacy Officers. CSR's SIPO solution provides clients with top Certified Information Privacy Professionals (CIPPs) with certifications in the United States, Canada and the European Union.

"We have four CIPPs in our organization, so we're fully certified to provide these services," Federgreen said. Internally, CSR has 25 to 30 individuals comprising teams to address clients' specific needs and performance criteria. Federgreen estimated that 85 percent of CSR's clients are ongoing. "We're all about education and learning," he said. "That's true in everything we do."

ISO benefits

With the commoditization of payment processing, income from value-added services has become critical. Meanwhile, mass-market distribution of CSR's products through ISO channels has made its online compliance solutions affordable to a majority of merchants, Federgreen stated. Our services "bring stability to the acquirer relationships," he said. "They give the merchant and provider and their partners the leading edge in PII issues over time." Federgreen sees significant opportunity ahead for CSR's ISO partners. "We are continuing to grow our team of certified individuals, expanding dramatically on a global basis," he said.