Posted by: paragon | December 28, 2007

PCI Compliance: Acquirers and ISOs

For liability reasons, an acquirer should not directly advocate any one ASV or QSA to its merchants; however, it is acceptable for the acquirer to tell merchants which third-party company or companies it has strategic partnerships with.

“Try to seek a partner who you can rely on to assist with your PCI Compliance program, ControlScan offers a number of solutions for merchants, ISOs and acquirers and currently partners with one of the largest acquirers in the United States,” said Stanton.

The PCI Security Council also has a list of approved ASVs and QSAs. Visa and MasterCard each offer their own lists on their Web sites.

“Acquirers and ISOs should establish a relationship with a trusted, association-approved PCI assessor, and develop a program for all their merchants to establish compliance, and ensure periodic testing so that compliance remains intact moving forward,” wrote Gray.

A model relationship

Third Party ASV

ControlScan, Inc. is an Atlanta, Ga.-based, PCI Security Standards Council–approved third party vendor (ASV), providing vulnerability scans and assessments, compliance assistance and network security. Its clients include Fortune 500 and billion-dollar corporations such as Travelers Insurance and PBS.

The company offers a turnkey, no-software-needed approach to PCI compliance, and its security certificates assist in meeting the criteria for mandates in Europe, Japan, Canada, ISO and the USA, not only for PCI compliance but also for Sarbanes Oxley, HIPAA, GLBA and FISMA fulfillment.

Acquirer

According to ControlScan’s CTO & Founder, Richard Stanton, the company recently became the ASV for PowerPay, LLC, mentioned previously in this article.

“PowerPay requested that we [ControlScan] conduct all of their mandated PCI compliance scans, for all 16,500 of their merchants,” said Stanton.

“What sets us apart from other vendors is that we actually call the merchants, directly, and we also provide a secure Web system, so a company like PowerPay can log into our system and check their merchant’s PCI status at any time.”

He continued, “ControlScan is very proactive, providing contact with the merchant, in order to make sure each merchant is PCI compliant…we actually make direct phone calls to each merchant.”

According to PowerPay President Ron Greenberg, after meeting representatives from ControlScan at an industry conference, the company decided ControlScan offered the best PCI compliance scanning program.

“They have a very structured program of trained outbound sales agents along with personalized consulting to assist our merchants in complying with PCI DSS,” says Greenberg. “Other vendors typically did limited outbound sales with no technical support to the merchant.”

In addition to offering the quarterly network scans mandated by PCI DSS, ControlScan offers an automatic submission solution for merchants sending the 12-section PCI Self-Assessment Questionnaire.


e-Online Data is a credit card processor, offering merchant solutions for Internet, Mail Order and Auction sellers. They service e-commerce merchants ranging from startups to billion-dollar companies, according to their Web site.

At the bottom of the e-Online Data homepage, there is a sentence that reads, “e-onlinedata is a registered ISO/MSP of HSBC Bank USA, National Association, Buffalo, NY”

In this model, HSBC Bank USA is the actual acquiring or ‘member bank’, and e-Online Data is considered an ISO.

The partnership between acquirer, member bank, ISO, third party ASV and merchant looks like this:

[Figure: PCI compliance DSS, ISO and acquirer]
Aggregation: ParagonHost, LLC