Nova Information Systems (NOVA), a wholly owned subsidiary of U.S. Bancorp (NYSE:USB) and a leader in the payment processing industry, has launched a data security compliance program to help "Level 4" merchants comply with the Payment Card Industry Data security Standard (PCI DSS).
According to the PCI DSS, Level 4 merchants are defined by processing fewer than 20,000 e-commerce transactions and/or fewer than 1 million Visa or MasterCard transactions annually. NOVA currently processes for more than 850,000 merchants in North America, most of which meet the Level 4 criteria.
To help small businesses better secure credit card information they process and/or transmit, all of NOVA's Level 4 merchants will now have access to AmbironTrustWave's Risk Profiler, an automated risk analysis engine. The tool has primarily been used by acquirers and ISOs to identify and aggregate risk across their entire merchant base. NOVA's implementation will allow its merchants to directly access the tool and complete a series of questions about acceptance methods, point-of-sale system, transaction volume and other parameters. Once completed, a risk score is provided along with recommendations for the merchant to achieve PCI DSS compliance.
"The protection of consumer and card data is imperative for merchants of all sizes," said Gerry Tilson, vice president, Card Association Compliance, NOVA. "As larger retailers implement PCI-compliant systems, fraudsters will have even more of a tendency to move downstream to smaller businesses. Together, NOVA and AmbironTrustWave are working toward end-to-end security for all merchants in our base."
"While much of the attention regarding PCI DSS compliance for the past couple years has focused on the large merchants and service providers, the trends indicate that small businesses are just as vulnerable to a data security breach," said Robert McCullen, chairman and CEO, AmbironTrustWave. "We applaud NOVA for taking such a wide-scale proactive step in protecting cardholder data and mitigating risk for all of its merchants."
Small businesses tend to be victimized by hackers more than large businesses. In fact, according to an analysis of AmbironTrustWave data compromise investigations, Level 4 merchants account for more than 80 percent of the cases in which credit card data is stolen from merchants. More than 90 percent of compromises are caused by a security flaw in a third-party software or service used by merchants to process credit card transactions. The average compromise case results in the exposure of approximately 40,000 credit cards.
AmbironTrustWave developed the RiskProfiler in 2005, and since then several large acquirers and ISOs have used the RiskProfiler to identify and aggregate their risk across thousands of merchants.