[Mako's Adrian Pearce with Chris Lee from Netcare]
Security-specialist services provider Mako Networks has achieved certification in PCI DSS (Payment Card Industry Data Security Standards) and wants more partners to help capitalise on the opportunity to assist smaller merchants to become compliant in the standards.
Since last year it has been working on developing the Mako System in PCI DSS, a hosted service.
Mako Networks business development director Simon Gamble says his company provides secure IP connectivity and the service automatically keeps the software on the firewall up to date.
“We keep track on where the POS [point of sale] machines are communicating and what devices are connected to that network, so no-one can plug in alternate devices to try and hack the devices from within. We automatically detect when a POS machine has been disconnected from the network and report on that. The credit card data goes over the network that we provide, but at no stage do we look at the credit card transactions,” he says.
He believes the certification makes it the world’s first PCI DSS centrally managed service provider.
Mako Networks has been educating banks about the PCI DSS standards and its channel partners will be introduced to banks Gamble says.
“The channel partner may then provide deployment and support services to the banks’ merchants. Some of the banks may choose to do this service themselves.”
He says it already has some channel partners in place and is looking for more. The number and type of partners will be determined by banks, along with the cost of the system for merchants.
“If a bank wants to control everything, then they may dictate who the channel partner is going to be.
“We’re already in talks with banks in New Zealand, Australia, Asia, South Africa and the Middle East.”
With many merchants having multiple sites around the world, he estimates the New Zealand business alone could be worth $100 million a year.
“It’s not replacing all the business we do, but it is opening up new markets.”
The company says there is a global market of 35 million SME merchants needing compliance with PCI DSS, for which a set of requirements was developed by the payment card industry in 2005. Merchants processing, storing and transmitting credit card transactions must comply by 2012.
Gamble says PCI DSS requires a number of security standards that merchants would have difficulty maintaining without the Mako system.
“They would have to engage with an IT professional at every one of their sites. It also specifies that they must maintain that compliance on an ongoing basis. If you’re a tyre shop or a florist, the reality is you’re not going to do it.
“If you’re unwittingly providing credit card details to criminals, then the banks can pass those fines on to the merchant. For most small merchants those fines would put them out of business. We’re talking hundreds of thousands of dollars.”
The company wasn’t aware of the PCI DSS standard until last year, when its biggest partner Telecom approached it.
“We were in a position to take advantage of the opportunity, because the way our hosted management platform had been designed was around central management and smaller sized businesses. All of those are things PCI DSS has specifics for.”
Mako Networks CEO Bill Farmer says implementing the PCI DSS standard will be worth $75 million in revenue per month for the company.
"The Mako solution is the most cost effective method for small businesses to attain PCI compliance."
The certification was celebrated at an official launch event at the Auckland premises on 4 February, attended by Prime Minister John Key.