Visa Europe revealed important stats about the usage of Contactless Cards. Poland, Spain and the UK use this payment methd the most, with UK usage growing by 300% year over year.
We are living in the mobile age. Individual users download and rely on mobile applications to retrieve information and complete personal tasks. Reading the newspapers, checking bus timings, flights arrival and bank accounts, booking trips, playing games and much much more is nowadays possible just with a smartphone. The chart below shows the continual growth of the number of available apps in the Apple App Store from July 2008 to June 2015.
Following this trend, Advantio decided to invest their resources in the mobile channel and provide a tool that anyone can use to complete the tasks described in PCI DSS requirement 9.9. When we say "anyone" we really mean it, as the product we are introducing here was thought for users with zero knowledge of IT security whatsoever.
Advantio’s first product was finally launched last year, it's called ZeroRisk PINpoint. A web application that IT Security Managers, Compliance Managers, Line Manager and Employees can open from any type of support (desktop, laptop, tablet, mobile) and using any OS (operating system, such as iOS, Microsoft Windows and Linux): all you need is a web browser and a well defined "roles and responsibilities" map for your organisation.
Thanks to the support of the experienced QSAs (Qualified Security Assessors) and Software Development experts of our team, Advantio has been able to identify the needs of Large Merchants, Retailers and Service Providers accepting payments in a card-present (or face-to-face) fashion and required to be PCI compliant.
This helped us deliver a PCI DSS Compliance management product created to monitor the physical security of payment card readers:
Starting from the 1st of July 2015, complying with the PCI DSS requirement 9.9 is mandatory.
The major risks with these terminals are related to tampering, manipulation and installation of malicious software or replacement of hardware. We are talking about several types of terminals here:
Most of the Large Merchants, Retailers and Service Providers operate through a number of stores/shops where employees are always working hard and have not much time left for PCI Compliance related tasks.
This is true especially if those tasks have to be completed in an old fashioned way, manually, using complex spreadsheets and having to keep a logs' repository spanning several years.
Imagine if you could recurrently audit devices directly from your smartphone and look at the information captured through the audit from your computer. Imagine if you could monitor all the audits in one place and download a detailed report about all your devices and locations.
In fact, we would not be surprised to hear that you have to control thousands of locations (stores, shops, hotels, laboratories, etc..) and tens of thousands of devices spread all over your region, country, continent...or everywhere in the world.
A modern view over the world map is provided to manage all yoour locations, add and remove them easily, explore the devices in a smart way.
Is your business operating in several locations over the globe? Are you nationally present with various shops? This is not a problem when you use PINpoint.
Furthermore, you can register all the users you need and make sure they will be able to operate only in particular locations by setting their access rights. This way you will be able to monitor their tasks and communicate directly with them when needed.
Anyone in your organisation can help you monitor and control the devices’ compliance status using ZeroRisk PINpoint.
Employees (i.e. cashiers, customer agents, etc..) can launch the application from their mobile device, or their tablet and go through a pre-designed auditing process to inspect each card reader in use in their workplace. This is not only possible, it is actually EASY! Employees will be trained when they launch the application for the first time thanks to some friendly characters and video tutorials.
Line Managers (i.e. anyone who is responsible for the duties of each location) can support the employees in the auditing process and they can monitor the status of each device in their particular location. This would help the operations to be carried out in the most smooth way.
Last but not least, IT Security Managers or Compliance Managers will be able to easily monitor the status of each device from an online dashboard that shows the auditing progress for each device available and filtering them by any location. They will also be notified in case of a security warning and act immediately to avoid losses for the organisation and their customers by fixing or replacing the attacked devices promptly.
PCI DSS is becoming more and more urgent everywhere in the world and SaaS solutions are every day more trusted and used. The SaaS type of approach is extremely effective when an online dashboard is flanked by a mobile application to monitor over the status of your PCI DSS compliance.
Everyone can use a mobile phone without a particular training needed nowadays. But Advantio doesn’t want to miss out and we are constantly working on a series of video tutorials to support our clients. Take a look at what we are doing and don’t hesitate to contact us for any question related to ZeroRisk PINpoint.
Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.
My intention is to discuss IT Security related topics with the eyes of a non technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.