Security and PCI Compliance

Trustwave Security Solutions

by Ben Dwyer

Cybersecurity firm Trustwave provides businesses with tools for data protection and risk reduction in the fight against digital crime.

Credit and debit card fraud is a multi-billion dollar crime industry, with issuers absorbing roughly 60% of the annual losses and businesses hit for the other 40%. Trustwave offers multiple services for businesses, but for the purposes of this article we’ll focus on PCI compliance and payment services.


Introduction to Trustwave

When it comes to fraud protection for your business, should you put your trust in Trustwave? An enormous number of companies rely on it.

Trustwave, based in Chicago, has a global reach with clients in nearly 100 countries. Currently, more than 3 million businesses use Trustwave’s “Trustkeeper” compliance and security platform and related apps.

PCI Compliance

Any business that accepts credit cards must be PCI compliant. With new Visa PCI compliance regulations becoming mandatory for Level 4 businesses in January, small business owners are scrambling to become compliant. It’s a confusing situation for many business people, and Trustwave offers services for businesses of every size, covering all compliance-related issues.

Related Article: What is PCI compliance?


Small businesses are soft targets for hackers, since they often do not have sophisticated security protection. Trustwave notes that 71 percent of all cybercrimes occur at businesses with fewer than 100 employees. A more chilling statistic – 80 percent of small businesses hit by a cyberattacks go out of business within 18 months. Trustwave offers the PCI Manager with the SMB Security Toolkit, a compliance and security package in one, with 13 “integrated security solutions.” Trustwave touts the package as affordable, estimating all the solutions would cost at least seven times more if purchased separately from another vendor. The package includes training and a helpdesk available via phone, email, or online chat.  There’s the Trustwave “Intelligent PCI Wizard,” which guides users through the steps needed for their particular enterprises. The kit is designed for businesses without a dedicated IT staff. Once a business becomes compliant via Trustwave, the system ensures it stays compliant.

Other parts of the integrated security solutions include:

  • Security health check – monitoring of end points
  • Security configuration monitoring – monitoring security endpoint configuration against PCIDSS controls
  • Credit card data scanner
  • Point of service tracker
  • Unauthorized device monitoring
  • Trustwave anti-virus – detects, prevents and removes malicious viruses
  • Web malware monitoring – monitors malware on the company’s website.

Payment Services

Payment services are vulnerable to fraud from various angles. Trustwave notes that it’s not the garden variety credit or debit card thief that businesses must primarily worry about, but sophisticated, international crime rings. It’s a game of cat and mouse, as cybersecurity professionals continually develop new methods to protect information and crime syndicates keep working to breach online security and steal data. These syndicates operate on a business plan, and it consists of finding the least expensive and easiest way to obtain high-yielding payment information.

The Trustwave solution to this ongoing dilemma is holistic – every step in the payment chain is constantly monitored and protected. These steps include:

  • Penetration testing – data security teams attempt to penetrate a company’s network. Basically, these teams are trying to see how fast and how easily such penetration is possible. They work in much the same way as cybercriminals, but for ethical reasons. Penetration testing differs from the similar – but less effective – vulnerability scanning. The latter, also offered by Trustwave, is conducted by machines. More thorough penetration testing uses expert human knowledge to duplicate a hacker’s experience and discover a system’s weak points. Once a network’s vulnerabilities are recognized, Trustwave can devise solutions. Penetration testing is generally conducted several times a year.
  • Vulnerability scanning – once a company’s vulnerabilities are identified, its risks are prioritized. The company can run scans on a regular basis throughout the day or whenever needed. Trustwave features the Vulnerability Manager, which it claims reduces false positives and scans more rapidly than competing software. The end result- is accurate findings, delivered quickly.
  • Managed services – Trustwave offers integrated managed services based on individual client needs. A single, user-friendly dashboard allows clients to view program status and access all services.
  • Incident response – when a breach is detected, Trustwave immediately springs into action. It identifies the source of the breach – from phishing schemes to direct hacks – and isolates affected systems. The goal is minimal undesirable consequences for the company and prompt development of a removal/remediation plan. Trustwave trains company employees to recognize possible compromises and runs drills enabling staff preparation for various scenarios. These tests are custom-designed for each client.

Related Article: Data Breach Prevention and Insurance.


Praise for Trustwave

In 2014, Forrester Research, Inc. named Trustwave a “leader in the Managed Security Service Provider marketplace.”  The independent research form noted Trustwave received “the highest scores possible for services delivery capability, service-level agreements (SLAs), continuous monitoring capability, 2013 North American clients, as well as client and revenue growth for 2013.” Thirteen vendors were assessed by Forrester Research, Inc.

In 2016, industry analyst firm IDC named Trustwave as a leader in its “U.S. Emerging Managed Security Services 2016 Vendor Assessment,” pointing out their partnerships with leading international telecommunications companies, “comprehensive portfolio covering basic and advanced services,” and excellent customer feedback.

Card Not Present named Trustwave “the best PCI compliance provider” at its 2016 expo in Orlando, Florida.

The Reviews Are In

Online reviews – admittedly subjective opinions – fall into two distinct camps. Large and medium-sized businesses overwhelmingly praise Trustwave, pouring on the superlatives. That’s not the case with small-business owners, who write that the company doesn’t pay attention to their concerns. It’s possible that larger enterprises have more technological expertise on staff, with a better understanding of the process. Small business owners may require more hand-holding than Trustwave is able to provide. That’s just a supposition based on reviews, so it’s important not to read too much into it.

As for employee reviews, they’re overwhelmingly positive, with many workers remarking on the high caliber of the Trustwave team. Several reviewers used the term “best and the brightest” to describe Trustwave personnel.

If you’ve used Trustwave at your business, let us know about your experience in the comments section, below.

Industries

Trustwave provides services to all types of industries, from international corporations to local restaurants. The company notes that individual industries face unique challenges and compliance issues. While Trustwave provides payment services to all types of entities, it offers specialized security for the following:

  • Education
  • Financial services
  • Government
  • Health care (includes HIPAA requirements)
  • Hotels
  • Restaurants
  • Retailers

Trustwave and the Target Stores Breach

A hack directed against retailer Target in late 2013 stole debit and credit data from approximately 40 million customers. In 2014, two banks filed suit against Trustwave, alleging the company had provided security services for Target. Although the suit made headlines, it was later dropped because Trustwave did not provide services for Target.

Making a Decision

Choosing the right provider for security and compliance purposes is one of the most important decisions your business can make. One compromise might spell ruin for your company. Trustwave certainly has a global network, a good reputation and a long track record. It’s possible your bank or processor may already use Trustwave’s services, in which case they can enroll you as a partner. Ask your bank or processor about the tools they use for fraud prevention, and why they rely on a particular provider. Security is as important to them as is to you, and this information can help guide your decision.

Leave a Comment

Your email address will not be published. Required fields are marked *

Credit Card Processing exposed

Use the secrets that credit card processors don't want
you to know to drastically lower your credit card
processing fees.

Read Now!
 

You might also like…

View all articles..