Mercury Payment Systems, a Vantiv company (NYSE: VNTV) and a provider of payments technology and services for small and medium-sized businesses (SMBs), today announced progress on its Security Pays initiative, which is designed to work with payments partners to drive adoption of more secure practices and products, to secure customer data in the payments ecosystem. After three months, more than 500 developer partners have enrolled, with 50 companies now certified as Qualified Integrators and Resellers (QIR) through the Payment Card Industry Data Security Standard Council, up from only seven who had the certification in July. These developers and partners work with tens of thousands of small and medium-sized businesses who because of Security Pays are now using more secure practices to process their payments and protect their customers’ data.
“Security is a shared responsibility, which is why we built the Security Pays program. We saw recurring remote access breaches and other payment environments that were compromised, some of which were easily preventable,” said Matt Taylor, group president integrated payments and emerging channels, at Vantiv. “Through education, partnerships and hard work, we are seeing progress, but we have a lot more work to do.”
Security Pays, which extends through Vantiv Integrated Payments to include both Mercury and Element partners, promotes critical security standards and the adoption of products that add layers of protection to the payments process, such as end-to-end encryption and tokenization, as well as EMV acceptance. The participating developer and dealer partners are also equipped with a subsidy for businesses to financially assist these merchants with the necessary security hardware or software upgrades required.
In addition, more than 80 partners have signed the Secure Remote Access Attestation, indicating they will follow best practices on remote access, representing a concerted effort to help protect merchants’ business and the payments ecosystem as a whole. If the remote access connection is not configured and managed properly, it can provide an easy entry point for unauthorized intruders. Vantiv encourages partners to fight the alarming increase in data compromises through POS vendor’s remote access by following industry best practices.
“The EMV liability shift on October 1 pushed the entire U.S. payments ecosystem into one of the largest changes the industry has ever seen. Not only have we introduced new technology, but new regulations and security risks that come along with them. While it is one step forward, it is going to take time and participation to secure the entire ecosystem,” said Thad Peterson, Senior Analyst, Aite Group. “Security Pays and the efforts with Vantiv, RSPA and the PCI Council are making strides to educate and encourage partners to make serious changes. It’s a positive ‘carrot’ to the EMV ‘stick’ of complexity and cost.”
The Retail Solutions Providers Association (RSPA) along with Mercury provided several free testing locations for the QIR exam with more than 200 individuals taking the test to be certified. Others are enrolling every day. “We worked with the PCI Security Council to make the QIR education and certification program more accessible to the reseller community. We will continue to promote the benefits of the QIR education and certification,” said Kelly Funk, president and chief executive officer of RSPA. “Being a more knowledgeable advisor to the merchant is a differentiator in the industry and more ISVs and VARs are seeing the value.”
Amid data breaches involving POS systems with weak remote access controls, Visa announced last month that starting in March 2016, acquirers must ensure all newly boarded Level 4 merchant POS software and terminal installations and integrations be performed by QIR-certified companies and professionals, as well as all servicing of POS applications and terminals be performed by QIR certified professionals and companies by January 2017.
“Visa’s objective is to move payments security forward by ensuring that POS integrators and resellers more directly support the compliance efforts of their merchant customers,” said Sonia Sng, senior director of data security and third-party risk, at Visa Inc. “Integrators and resellers that complete the QIR program will also be included in the lists of approved, qualified providers maintained by the PCI-SSC and Visa to help merchants easily identify resellers that are up-to-date on the latest security best practices.”
“We have more than 500 partners enrolled in Security Pays today, representing tens of thousands of small and medium-sized business who are navigating to a safer, more secure place,” said Matt Downs, senior vice president of channel for Vantiv Integrated Payments. “Because of our work with the PCI Council and RSPA, the Vantiv/Mercury partners and their merchants are ahead of the rest of the ecosystem to meeting the new Visa requirements and ultimately helping mitigate the risk of merchant compromises.”
For more on Security Pays go to www.MercuryPay.com/security-pays.