A billion-dollar opportunity beckons for North Shore-based Mako Networks as the Payment Card Industry (PCI) moves closer to mandating its Data Security Standard (DSS) around the world.

It is also an opportunity which is seeing the company expand rapidly; presently, it employs 55 people, but expects that number to rise to 300 within two years.

That’s according to CEO Bill Farmer, who met with TechDay to shed more light on a challenge which awaits retailers everywhere – and the Kiwi ingenuity which helps solve it.

“We believe we are sitting on the single biggest opportunity of any company in all New Zealand,” says Farmer.

“There are 35m merchants [shops of various kinds] in the western world and right now only 7m of them are PCI DSS compliant.”

PCI DSS is a mandatory information security standard to protect the integrity of any card transaction; wherever there is an EFTPOS terminal, it should be protected by this standard to ensure customer details aren’t compromised. Implementing PCI DSS is required by the major card companies, among them Visa, MasterCard and American Express; in turn, achieving that standard can cost $20,000 or more for large sites.

Where Mako differs, says Farmer, is that it can do the same thing for around $100 per month.

“That’s because we provide a network service which is PCI DSS compliant,” he explains. And unlike ‘on-site’ solutions, he says Mako’s approach is continually and centrally updated, ensuring constant compliance with a standard which continues to develop and change.

The technical details include network CPE (customer premise equipment) but the real magic is in the configuration of the Mako Networks solution. It uses ‘vanilla’ broadband, but protects all card transactions, with every device on its network ‘calling home’ every two minutes to ensure network and transactional integrity.

With obvious pride in the company’s work, Farmer says it is addressing what is a clear and present danger for any point-of-sale with a unique solution which is also cost-effective.

“However, our specific focus is on the network component which is one part of compliance,” he notes.Other aspects include policies, processes and procedures for POS staff.

The state of compliance

As for the state of compliance with PCI DSS – and this is where that opportunity becomes quantified – he says pressure is building.

“We’ve seen the examples of major breaches [of payment card information] and the damage that this can do; there is the Sony example, major food chains, restaurants and other retailers have had issues.”

As a result, there is a level of urgency in driving ubiquitous compliance across the industry; while Farmer says industry pressure is more pronounced in the USA and Europe, the same can soon be expected in the southern hemisphere.

Of course, an opportunity of this magnitude means there are competitors, agrees Farmer; however, he adds that none addresses the issue in the same way that Mako does.

Channels to market

In addition, reaching a potential customer base of some 28 million merchants around the world is hardly child’s play. Happily, however, the way in which the card payment industry works plays in Mako’s favour.

Farmer explains: “Our targets are the acquirers [banks]; even in very large markets like the USA, there are only 10 major acquirers for card payments; in the United Kingdom, 5; in Australia, 4.”

In turn, the acquirers work with their merchants to help them achieve PCI DSS compliance.

“The channel to market is pretty clear; to date we have access to around 1.6m possible customers through our work with acquirers,” Farmer reveals – adding that this has, however, taken “A lot of shoe leather and a sales team which has racked up an awful lot of air miles.”