2. Virtual Technician
There’s A Better Way…
Are you still waiting for the phone to ring so your customers can
tell you when they have a problem?
Are you still using multiple desperate systems to provide
support to your customers?
Are you still offering the same old services you did last year,
and the year before that?
Are you focusing on continual system uptime or reacting to
customer system downtime?
Are you wondering if you are jeopardizing your customer’s PCI
compliancy?
There's A Better Way
3. Virtual Technician
There’s A Better Way…
A number of remote control products such as LogMeIn,
GoToAssist, and pcAnywhere are used to try and meet the
needs of POS service providers. But these general IT support
products either do not provide the full capabilities or do not have
the stand-alone security requirements for PCI Compliancy.
Additional costs and effort are required to make them compliant.
Vigilix is 100% focused on the POS industry.
There's A Better Way
4. Virtual Technician
There’s A Better Way…
Just Check A Box:
The Vigilix Base Agent can be considered as the foundation layer. Simply deploying the base agent
costs you nothing, but it does mean the agent is now at a customer site ready for you to enable
features and services. You can add to the capabilities of the base agent by assigning modules or
templates, which is as simple as checking a box. You can add any combination of basic monitoring,
POS monitoring, remote control and offsite backup depending on your service agreement with a
customer.
Benefit to Your Customer
Benefit to You
Single Agent for: One solution provider
Remote Monitoring Comprehensive POS Support
hardware & software Disaster Recovery
Remote Control Better Support for Non-technical End User
Offsite Backup Focus on the business – not on technical
issues (You know before they do)
Variable Cost = Immediate ROI
Access to information on their POS
Single System for Support Management
Customer View
Single system to train Technicians on
Auto-generate activity report
Reduce costs by resolving more issues in
less time
Increased Customer Satisfaction
There's A Better Way
5. Virtual Technician
Top Three Areas of POS System
Vulnerabilities reported by VISA
1. Remote Access Security
2. Host Security
3. Network Security
“Recent data security breaches reported to Visa indicate
that criminals continue to target merchants in the
hospitality industry, specifically hotels and restaurants.”
http://usa.visa.com/download/merchants/20090109-alert-hospitality-merchants.pdf
There's A Better Way
6. Virtual Technician
Proof in the Headlines
The New Face of Cyber Crime – CRN.com In Data Leaks, Culprits Often Are Mom, Pop –
WSJ.com
http://www.crn.com/security/210800781?queryText=
SMB+PCI http://online.wsj.com/article/SB11904266670463594
1.html?mod=sphere_ts
Small Business A Big Target For Cyber Attacks
– CRN.com Reported data leaks reach high in 2007 –
SecurityFocus.com
http://www.crn.com/small-business/208803657
http://www.securityfocus.com/brief/652
SMBs Face Looming PCI Security Deadlines –
CRN.com Payment Card Industry Data Security
Standard: A Briefing for the Restaurant
http://www.crn.com/security/213001031?queryText=
Industry – Restaurant.org
SMB+PCI
http://www.restaurant.org/business/datasecurity/brie
fing.cfm
SMBs Are a Sitting Duck for Cyber Crime –
eWeek.com
Restaurants target of data-security push –
http://www.eweek.com/c/a/Security/SMBs-Are-
fastcasual.com
Sitting-Ducks-for-CyberCrime/
http://www.fastcasual.com/article.php?id=8994&prc
=17&page=65
SMBs Underestimate cyber crime risk –
InfoWorld.com
http://www.infoworld.com/article/08/07/23/McAfee_
SMBs_underestimate_cybercrime_risks_1.html
There's A Better Way
7. Virtual Technician
What’s The Price?
VISA - since 2005 more than 80% of the instances of data breaches
involve small businesses.
Contractual penalties and/or sanctions including fines up to $500,000
per incident and revocation of a company’s right to accept or process
credit card transactions.
Computer Security Institute - Average reported loss for an individual
company in 2006 was $167,713 – not including liability in civil suits
(lawyers, court fees, etc.).
Gartner Group estimates data breaches cost $140 per customer.
There's A Better Way
8. Virtual Technician
There’s A Better Way…
The legal implications of the PCI data security standard
Industry Regulated Security Standard
Law in MN being proposed in many other states
Unlike security laws, the PCI Standard and Security Program rules are not
statutes or regulations enforced directly by the government. Rather, the PCI
rules are imposed and typically enforced contractually through the “PCI Contract
Chain.”
“may be no awareness as how security interpretations will be viewed by a court
of law, and little to no lawyer involvement. In addition, existence of ambiguities
in the PCI Standard (as drafted and as applied) and the methods that PCI
stakeholders use to attempt to resolve those ambiguities can result in legal risk.”
http://www.securecomputing.net.au/Feature/109069,the-legal-implications-of-the-pci-data-security-standard.aspx
There's A Better Way
9. Virtual Technician
There’s a Better Way….(CYA)
Policies - Process - Products
1. Document your Policies – keep those documents up to date
2. Document your Process – keep those documents up to date
3. Provide your customer with training and information on PCI compliance
4. Make recommendations based on best practices
5. Make customers sign a waiver or provide a letter stating that they understand the
are responsible and liable for PCI compliancy
6. Have documentation related to the products services that you offer to your
customers in your effort to provide a support service that does not compromise
their PCI compliance.
There's A Better Way
10. Virtual Technician
There’s A Better Way…
Vigilix, LLC. engaged Trustwave Holdings, Inc. (“Trustwave”) to conduct a third party security assessment of
the Vigilix application. The main objective of this application security assessment was to show the impact the
installation of the Vigilix Version 3.8 application would have on a merchant’s Payment Card Industry (PCI)
compliance. The following application was evaluated within this assessment:
Vigilix Version 3.8 (also sold as ScanSource Virtual Technician) Based upon the information provided by Vigilix,
LLC., including the implementation documentation, and the results of application testing; Trustwave has
determined that the installation of Vigilix Version 3.8 will not negatively impact a merchant’s PCI
compliance. Specifically, the method of remote access Vigilix Version 3.8 provides meets the PCI
DSS Requirements for two-factor authentication.
There's A Better Way
11. There’s A Better Way…
Thank you for your time
Questions:
Support@Vigilix.com
Sales@Vigilix.com
1-866-576-2839 x 14
Vigilix PABP Implementation Guide
is available on the Virtual Technician portal under Links section on
the site.
There's A Better Way