ConnectBooster notes that MSPs are typically blamed if there is a breach around a payment systems vulnerability, even though they usually had no role in deploying the payments solution, so the new Secure Payments solution was created to give them the expertise and ability to play that role.
Fargo, ND-based ConnectBooster, which makes secure payment solutions for IT services firms, has launched a new payment solution. Secure Payments is designed to bring the MSP into the conversation with the customer around payment security, a conversation that is seldom had today even though the MSP is likely to get the blame if a payments weakness leads to a breach. Secure Payments provides a simple assessment, based on PCI DSS best practices and other industry standards. It lets MSPs discuss payment security with customers in language with which the MSP is comfortable, lets them quickly evaluate and address the security, compliance, and optimization of their clients’ payment landscapes, and offer protection that both removes regulatory liability and the damage directly caused by a payments breach itself to the customer.
“The problem today is that MSPs are generally held responsible for security breaches but not involved in the conversations around payments,” said Ryan Goodman, President of ConnectBooster. “It’s one of these things that they should be assuming responsibility for, but which has gone neglected. Yet if something goes wrong, the first finger is pointed at the MSP. The MSP should be involved as part of the delivery mechanism for the payments security product. They are being blamed anyway, so they should be involved.”
Goodman said the issue here is that payments security is not something where MSPs are conversant, or for that matter even aware of many of the issues involved.
“There’s a big gap between what the payment professions are concerned about in cybersecurity, and MSPs’ concerns around payment data that they have around client networks,” Goodman indicated. “There has been a disconnect between the availability of these kinds of solutions around secure payment gateways and PCI implementation, and MSPs’ awareness and use of them. Yet these are a set of solutions that MSPs should be having a conversation about with their customers. We want to bring that to the forefront – so that MSPs and their customers can have conversations around payment.”
Secure Payments consists of a set of payment processing tools, which offer different ways of accepting payments that are common in the market. Secure Payments also provides questions the MSP needs to ask customers in order to get a full picture of their payments environment.
“There are nine criteria that should be asked, around data and also the pricing aspect,” Goodman said. “The questions are designed to create areas where their end client doesn’t know the answer.” The nine criteria are: point to point encryption; EMV chip acceptance; annual PCI self-assessment questionnaire; PCI DSS compliance; credit card fees; tokenization; payment software integration; credit card fee recoupment, and secure payment gateway.
“About a year and a half ago, we started Secure Payments within our partner program,” Goodman stated. “We discovered that MSPs didn’t have a good playbook to have these conversations. This now provides that good playbook to ask technology security questions that are in the MSP’s wheelhouse, not payments questions. We need to frame it that way to move it MSPs into asking effective security payments questions.”
The technology for this was developed by one of the companies ConnectBooster is affiliated with as part of holding company BNG.
“Most people know us as ConnectBooster inside of the channel, but we are part of a four-company portfolio [BNG] which has a long standing business where we have helped SMBs accept payment,” Goodman said. “We leveraged that part of BNGs broader portfolio for this. We can help shore up and secure issues that exist with partners who should be having these questions.”
Secure Payments is sold to MSPs as a separate service, and Goodman said he expects that MSPs will offer it to customers as a line item as part of an ongoing service, not as a one-shot service or a pre-sales incent.
“This is a 2 degree change in conversation from what MSPs should already be having,” Goodman concluded. “This has enormous implications for the customer. The issue here isn’t just regulatory penalties for disclosure of personally identifiable information from unencrypted credit card data. The financial implication of a payments breach is often immediate and can be devastating in itself, and a costly act to a merchant. Much of this can be prevented by MSPs asking some simple questions to their clients.”