Phoenix Managed Networks contends it has established enough interest in the United Kingdom for its merchant fraud-prevention services that it plans to cast a wider net to pull in more clients.
Two months after rolling out its service in the UK to help merchants, independent sales organizations and other technology resellers smooth over the generally complex process of implementing and complying with Payment Card Industry data security standards, Phoenix is prepared to do the same in North America.
The Reston,Va.-based payment network services provider announced the availability of its PhoeniXSentry routers and software to acquirers and processors for their brick-and-mortar merchants in the UK last March (see story).
After showcasing PhoeniXSentry in April at the annual Electronic Transactions Association conference in Las Vegas, Phoenix began to promote the service more heavily in the United States and Canada.
The company plans to work with partners in the U.S., such as Atlanta-based ControlScan Inc., to activate PhoeniXSentry at retail locations that tend to have “multiple terminals and multiple checkout lanes in the store,” Matthew Mudd, Phoenix chief operations officer, tells PaymentsSource.
As a reselling partner for Phoenix, ControlScan secured Pearl Specialty Market and Spirits stores in Oregon as Phoenix’ first U.S. customer last month. Pearl signed on to use ProTect Network Firewall, the name ControlScan places on the PhoeniXSentry service it sells.
“Being able to place a private label on the service is a big key for us,” Mudd notes. “If a partner wants to control the service, the name will have a direct relationship to them.”
However, some partners or clients prefer not to private label the product and instead set up a sales-referral relationship with Phoenix, Mudd says.
“We want to provide an understanding to the acquirers of how PhoenixSentry addresses PCI compliance,” Mudd says.
Acquirers and ISOs have relationships with merchants, so it is important for them to grasp how the PhoeniXSentry routers and software address security and compliance concerns, especially when merchant systems convert from standalone dial-in systems to broadband, he adds.
Phoenix signed an agreement earlier this year with Auckland, New Zealand-based Mako Networks Ltd., a cloud-based network management company, to help develop PhoeniXSentry (see story).
The data-security service essentially locks down a merchant’s payment system if a fraudster uses an outside computer to try to enter any vulnerable portion of the overall system.
PhoeniXSentry simplifies the key elements of PCI compliance by using a preconfigured template for merchants to follow and monitor for enforcement. It also provide firewall and security protocols that can sense intruders.
Mako also has enhanced the product to provide a way for merchants to select a backup device that would remain PCI-compliant if a primary connection locks down because of suspicious activity, Mudd says.
In addition, PhoeniXSentry now includes “rogue hot-spot sniffing” that locks down an unauthorized Wi-Fi connection attempting to enter a payments system, he adds.
“In some cases, fraudsters will attempt to obtain card data from a system and then launch it to another network through a Wi-Fi connection they have attempted to add to the system,” Mudd explains.
As more retailers consider Wi-Fi as a low-cost way to facilitate payments, Phoenix is wise to upgrade its security service to include ways to block unauthorized connections, Scott Strumello, a consultant at New York-based Auriemma Consulting Group, tells PaymentsSource.
“Fraud-prevention companies really can’t build software and have it last forever,” Strumello says. “These companies are really paid to think like the criminals, in terms of what they are developing next, because prevention is an ongoing task.”
New prevention technology evolves, just as new cyberattacks evolve, Strumello adds. “I don’t know detailed specifics about the Phoenix system, but they have interesting ideas about protecting vulnerable access points in a payments system,” he contends.
Those interesting ideas have created plenty of interest among potential clients, McDonnell suggests.
In fact, positive feedback and the number of processors testing the service in the UK convinced company executives it was time to bring the product to North America. Phoenix plans to announce the signing of several UK clients in the next few weeks.
“We have had a number of pilot-testing sites in the UK, with acquirers like Global Payments testing it and recommending it to clients,” Phoenix CEO Jack McDonnell Jr. tells PaymentsSource.
Other processors and acquirers evaluating PhoenixSentry in the UK include First Data Corp., Barclays PLC, HSBC Holdings PLC and WorldPay, McDonnell says.
“We want to sell wholesale and target companies, like those in the fast-food industry with a need for 200 to 2,000 [router] units,” McDonnell notes. “And we also want to get ISOs interested in getting mom-and-pop merchants to upgrade their system security [with PhoeniXSentry].”
The eventual conversion of the U.S. payments industry to the EMV smart card standard common in Europe causes needed changes in the PayGate payments gateway product Phoenix offers, but PhoeniXSentry makes an easy transition to the chip-based technology, McDonnell says.
“We also have to have the gateway to accept EMV in place in Canada [which uses smart-card technology],” McDonnell adds.
Written By David Heun