ISO - Industry News

Trustwave PCI Scans To Include Malware Detection


A recent acquisition is enabling Trustwave to add malicious-software detection to the data-security scans the company performs to check compliance with Payment Card Industry data security standards.

The malware-detecting software, which the Chicago-based security vendor is picking up with the impending purchase of M86 Security, should serve as a differentiator for ISOs and agents that promote it to merchants, Doug Klotnia, Trustwave executive vice president, tells ISO&Agent Weekly.

Merchants should welcome the offering as another way to cope with criminals seeking to steal card data, notes Todd Ablowitz, president of Centennial, Colo.-based Double Diamond Group LLC.

“The bad guys keep evolving, and you have to stay ahead of the curve by doing the best job you can of detecting malware,” Ablowitz tells ISO&Agent Weekly. “When you detect the malware, you win.”

Malware can lurk on even legitimate websites, waiting for the opportunity to infect visitors’ computers, Klotnia says.

Incorporating the cloud-based malware-detection feature into daily TrustKeeper PCI scans gives small merchants an affordable approach to combating the problem, he maintains, noting that previous options were limited to high-priced offerings.

The product also will detect password weaknesses that can give rise to data breaches, Klotnia says.

Trustwave intends to keep a number of M86 developers on the job in their facilities in New Zealand and Israel, Klotnia says. “We want those engineering capabilities,” he notes. “They are key to maintaining the technology.”

Incorporating the software into the Trustwave scans could take a matter of months, Klotnia anticipates.

Once the software’s in place, merchants should find it as unobtrusive as the virus protection familiar to most nearly everyone who uses a computer, he says.

“I don’t think about it,” Klotnia says of such safeguards. “It tells me if needs patch, and I know I’m protected.”

Trustwave intends to work with ISOs and acquirers on how to present the product to merchants, he says.

The software also augments Trustwave’s practice of monitoring merchants to ensure the retailers are not selling anything the card brands prohibit, Klotnia maintains. The card brands may fine ISOs and acquirers if merchants sell anything disallowed, he notes.

Besides the malware-detection software, Trustwave is acquiring M86’s Web and email security products and gateway, a Trustwave press release said.


Written to help ISOs and agents make the most effective use of their time in the field, each issue is filled with strategies, selling tips & tactics, new market opportunities and other vital information for POS and ATM sales success. Sign up today >
Download the PDF
This issue contains the biggest-ever edition of the annual Fact Book. We hope you find it useful. We also check in with Steve Eazell, outgoing president of the Western States Acquirers Association, and Dan Geraty, CEO of Clearent. We even attempt to satisfy our curiousity about when mobile payments will take hold with consumers and why the U.S. seems to resist chip-and-pin.
Already a subscriber? Log in here
Please note you must now log in with your email address and password.