The past year has been a challenging one for many of us. But it has also created the unique conditions which lead us today to an exciting tipping point. As more businesses expand online, and customer money and payment data flow in the same direction, it’s never been more important for Merchant Service Providers (MSPs) to understand how their risk profile is evolving.
Into this world steps ZeroRisk, enabling a new way of doing things. We’re backed by decades of payments and cyber security expertise, utilizing proven technology but designed for a new era of payment security compliance and third-party risk management.
PCI DSS is, at its heart, all about risk identification and mitigation. By understanding where merchants are most exposed, acquirers can support merchants and Payment Service Providers (PSPs) in making specific improvements to protect end customers from fraud, and the payment chain from lost reputation and earnings. Yet over recent years, compliance efforts have drifted: today, too many merchants treat it merely as a tick-box exercise.
This isn’t necessarily the market’s fault. To date, there simply weren’t any solutions out there to help MSPs understand with any accuracy the real security posture of their clients. Engagement from merchants is low as in-house cyber expertise is often limited and they see this as another form to fill, with little or no value for their own business. This becomes an expensive and complex problem for MSPs to manage when multiplied by the tens of thousands of merchants across their portfolio.
This is the problem we fell in love with, and ZeroRisk is our solution. Our mission: to provide an end-to-end merchant portfolio risk management system to help MSPs manage effective compliance programs at scale. At the same time, we want to drive real value for merchants by helping them to understand what their real security posture is, and then guiding them through any required remediation.
Sentiment studies showed us that the market wasn’t satisfied with current solutions for managing PCI compliance. Merchants weren’t engaged and acquirers were seeing limited ROI, as compliance rates continued to decline. Against this backdrop, we feel that now is the time to reshape third-party programs around risk, rather than tick-box compliance.
It’s also been the result of five years of planning and in-house technology development, and the culmination of our efforts to bring in some of the most talented and experienced executives in the payments and cyber security sectors.
ZeroRisk is built on something unique: a security risk scoring system which allows MSPs to independently validate the cyber security and compliance posture of their merchants at scale, without any intervention required from the merchants themselves. This is our breakthrough IP and it allows us to automate contextualized risk assessments at scale for our MSP customers. This enables them to gain real-time insight into their merchants and to follow up, not only with advice on remedial actions but with better payment and technology solutions.
It’s a far cry from the static, point-in-time and incomplete information MSPs are used to working with. The actionable insights ZeroRisk generates create value and new business opportunities right across the whole payments ecosystem — driving cost efficiencies, enhancing compliance and risk reduction efforts while transforming cost centers into revenue centers.
As mentioned, we’ve assembled a superb team of industry experts to shape the strategic direction of ZeroRisk, with decades of experience in payments and cyber security. They include:
Marco is the CEO of Advantio — the largest PCI QSA organization in Europe, with a client-base of over 300 organizations.
With more than 20 years’ experience in financial services and technology, Neira believes in change through innovation and partnerships. She’s regularly invited to advise organizations of all sizes on payments, cyber-crime and digital innovation.
Francesco is the CTO of Advantio and has been an IT and cybersecurity researcher for more than 10 years. He has an innovation-driven methodology and an honest passion for technology which drives his approach to solutions development.
Richard has two decades of business development experience working for various cyber and payment security specialists. He’s been actively involved in PCI DSS since its inception, working on the sale and roll out of large-scale compliance programs to MSPs.
Ian is a payments and FinTech veteran, with experience across the entire payment value chain at CEO, C-suite and board-level. He has worked for leading global brands, start-ups and growth-stage companies.
Asli has over a decade of customer success and project management experience in global technology companies.
The ZeroRisk solution has been maturing for five years. We’ve had the opportunity to run it in many live customer environments, which has been invaluable in helping us to build the best solution possible. Now we’re ready to redefine merchant portfolio risk management.
The legacy snapshot of a PCI DSS SAQ will not provide the kind of continuous insight MSPs need. Instead, automated, contextualized risk assessments at scale are required.