New ControlScan Security Consulting Service Helps ISOs and Acquirers Discover and Protect Merchants’ PII

Share Article

Risk, liability inherent to merchant application process drive need for greater organizational awareness

...the standard ‘PCI’ conversation has recently grown to encompass PII in a broader sense, including sensitive merchant application data...

Today’s independent sales organizations (ISOs) and merchant acquirers strive to protect themselves and their merchants against hackers and data thieves. But with a payments industry focus on securing credit card data, many ISOs and acquirers could be inadvertently overlooking personally identifiable information (PII) residing within their business systems. This potentially hidden risk could become a real liability, should it involve compromised PII from the merchant applications they process and store.

ControlScan, an expert provider of payment security and compliance solutions, has enhanced its security consulting services offerings to include a new service that specifically addresses the underlying risk within the merchant application process. The applications merchants submit to ISOs and acquirers contain a significant amount and variety of PII, including full names, birth dates, driver’s license numbers, account numbers, social security numbers, email addresses and more. In the wrong hands, this information can be used to commit individual or business identity fraud.

“ControlScan’s qualified security assessors are recognized for helping ISO and acquirer organizations effectively identify and remediate security gaps related to electronic payment data,” said Steve Robb, the company’s senior vice president of products and services. “However, the standard ‘PCI’ conversation has recently grown to encompass PII in a broader sense, including sensitive merchant application data, because when unaddressed, it represents a substantial business threat.”

The ControlScan Sensitive Merchant Data Assessment is designed to help ISOs and acquirers further improve their security posture and reduce the risk of data compromise by documenting the organizational flow of merchant PII and providing recommendations for its protection.

“Commercial identity theft is a real and growing threat. Proactively addressing the risk and liability inherent to the merchant application process helps ISOs and acquirers safeguard customer confidence and maintain a solid reputation with sponsor banks and card brands,” said Robb.

ControlScan has published a risky PII data infographic highlighting the myriad locations sensitive merchant data could exist. ISOs and acquirers concerned with this issue can receive a complimentary Sensitive Merchant Application Data consultation by calling ControlScan at 1-800-825-3301, extension 4.


About ControlScan
Headquartered in Atlanta, Georgia, ControlScan is the leading provider of Payment Card Industry (PCI) Compliance and Security services designed to meet the unique needs of small to mid-sized merchants and the acquirers that serve them. The company’s flexible solutions, easy-to-use online tools and personalized support significantly simplify PCI and security for its clients. In addition, as an Approved Scanning Vendor and a Qualified Security Assessor, ControlScan is positioned to help merchants meet compliance requirements and maintain secure business environments for their customers. For more information about ControlScan and its cloud-based solutions visit or call 1-800-825-3301.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Stacey Holleran
Follow us on
Visit website