First Data And Trustwave Sign SMB Security Deal

Processor First Data Corp. has formed a partnership deal with Trustwave to bring sophisticated, cloud-based payment-data protection to small and midsize businesses. Their theory is that by emphasizing security first instead of the need to comply with PCI standards, SMBs protect their sensitive data better while maintaining PCI compliance along the way. But what does this suggest about the current PCI process for SMBs?

Small and midsize businesses soon may secure payment card and other sensitive data and monitor for malware and other system-security issues under a partnership initiative Trustwave and First Data Corp. announced on June 11.

Trustwave works with some 90 partners worldwide on their Level 4 Merchant Compliance programs, but the deal represents the company’s first partnership with First Data, James Taylor, Trustwave vice president, said in a PYMNTS.com interview. Some 2 million businesses are enrolled in the company’s TrustKeeper platform.

Through the agreement, small and midsize businesses (SMBs) that use First Data payment-processing services gain access to the security package through Trustwave’s cloud-based TrustKeeper platform. The service, the price for which First Data wouldn’t disclose, delivers security through purpose-built endpoint security and advanced eCommerce-vulnerability monitoring, while helping businesses achieve and maintain compliance with the Payment Card Industry Data Security Standard, the company said.

The core services in the product offering will provide small businesses access to information-security services designed to help protect them from malware and viruses, critical system changes, unauthorized devices, security misconfigurations and non-compliant payment card storage.

Though the individual services are not new and are market-tested, how First Data is positioning them is unusual, Taylor said.

“What’s different with this partnership is how many merchants that can benefit from it and the way security is being emphasized over the typical compliance approach,” Taylor said. “What we found is that PCI compliance should be considered the ground floor for security and not the end goal. The end goal should be protecting sensitive data.”

Indeed, how many companies that have been breached have said they were PCI compliant? One of the issues with PCI is that compliance is not a static thing, and system environments can change at any time. As such, enabling smaller merchants to monitor their systems continually, rather than simply checking boxes on a form to comply when required, should help keep their systems secure throughout the compliance cycle.

Besides PCI DSS compliance tools, Trustwave and First Data plan to offer businesses malware and anti-virus protection that uses signatures and behavioral analysis to help protect systems from viruses and other malware, file-integrity monitoring using scans of critical systems and components for changes that may be caused by a data breach or malware, and unauthorized device alerting to inform businesses about unauthorized devices, workstations and servers connected to their network.

The service also verifies payment card data are not being stored unencrypted, and security configuration monitoring verifies basic security controls are configured properly. Merchants are given a user name and password to connect to the security portal. No special hardware is needed, and the service is usable on all POS systems, according to a First Data spokesperson.

“We will market the Trustwave Solution as part of our expanded First Data security solution that will launch later this year,” she said in an emailed statement.

Businesses are alerted if any systems appear to be compromised, Taylor said, noting the service includes a dashboard, which is part of the TrustKeeper platform. “Small businesses will be able to access this very easy to use, real-time dashboard that identifies whether find a virus or cardholder data is within their environment so they can resolve the remediation issue in a very efficient way,” Taylor said.