This post outlines how to remove the new $15.00 monthly security enhancement fee that CDG Commerce is implementing; thankfully, they are not making it mandatory. I still stand by CDG Commerce: most companies utilize these fees as pure revenue generators, while CDG, on the other hand, allows you to opt out, and that’s rare these days.

ANNOUNCING THE OFFICIAL LAUNCH OF cdg360

We are pleased to announce that starting on September 1, 2012 all CDGcommerce merchants will have a brand new set of value-added benefits and features enabled on their merchant accounts. Our new bundled solution provides merchants with a complete “360” approach to improving their business security and addresses all key areas.

All merchants will be receiving the following benefits as part of the cdg360 upgrade:

  1. $100,000 Breach Protection Plan: in the event of a suspected data breach compromise this plan will cover the cost of the required certified forensics investigation. In addition, card replacement costs, penalty fees and other related expenses can be covered by this protection plan up to the stated limits. Security breaches have put many small businesses out of business or created severe financial impairments and this protection plan helps to provide peace of mind and can even provide protection for situations such as employee data theft.
  2. Vulnerability Scanning: for merchants with e-commerce Web sites as well as merchants utilizing IP-based processing systems this solution is a must. Actionable, easy to read and understand reports are provided for any weaknesses detected in your public-facing storefronts, Web site or payment systems. A comprehensive and constantly updated library of tests is performed to discover any weaknesses to let YOU know before would-be online attackers discover them and use them to try to compromise your systems. This solution helps you to fulfill PCI DSS requirement 11.2 by identifying areas that are currently non-compliant or which pose potential issues.
  3. Customized Security Alerts: instead of flooding your inbox with numerous security alerts that do not apply, this tool sends specific alerts for ONLY the systems that YOU are actually using at your business – including systems that you are running on public-facing Web servers, shopping carts, billing systems as well as desktop applications. Stay in the know and be advised as soon as we are aware of critical security threats so that you can take prompt action. This solution helps you fulfill PCI DSS requirement 6.1 as well as giving you an important layer of protection that can make all of the difference in the world to your business.
  4. Staff Security Awareness Training: for many businesses the weakest link is the level of security knowledge possessed by their employees and to address this huge gap we are providing a complete, easy to use “101” online tutorial for security training which can be delivered and tracked to your individual employees. This solution helps you fulfill PCI DSS requirement 12.6 as well as enabling you to dramatically improve your company’s security posture without using up management/owner time to do so.


Please note: as per our statement and e-mail notifications, this bundle has a $15.00/month cost associated with it which will be billed directly and separately by CDGcommerce via ACH debit to your bank account on file starting on September 1st, 2012. If for some reason you only wish to receive the $100,000 breach protection plan and not the other features or if you do not wish to receive any of the above features you can unsubscribe from this by submitting a request via your MerchantPortal and we will promptly process it. Unlike our processing peers, we are not making this program mandatory for merchants even though we strongly urge everyone to take advantage of it.

Here is a letter from the CEO:

Good afternoon,

I am emailing you to make sure that you are aware of what I personally feel is the most exciting initiative that we have ever launched here at CDGcommerce – our NEW cdg360 bundle for Security & Compliance. It is being released to all of our merchants effective September 1st, 2012 as per our earlier mailed announcements.

With all of the ongoing cyber-attacks and security breaches that take place on virtually a daily basis across the world it is easy to understand why merchants of all sizes are very concerned about the potential security risks that their businesses face.

No business is too small or too big to be a target of opportunity and the costs of a single security breach can be insurmountable for many merchants. The required forensics investigation alone on a suspected breach can easily exceed $25,000 and a serious security incident could cost upwards of $50,000-100,000 or more even if only a moderate number of cards is involved.

In addition to the concerns that you have expressed to us about how to better secure your businesses on the IT and payment side we know that many of you have expressed concerns with how to truly achieve PCI DSS compliance and protect your business against liabilities that may exist due to non-compliance. It has been a challenge for many of you to implement all 12 of the major PCI DSS requirements and we have been listening to your requests in this area.

The only approach that the rest of the payment industry has taken until this moment in time has been to simply charge extra fees to merchants for “non-compliance” or refer them to a scanning vendor. These programs have been expensive, mandatory and merchants are given no choice whether or not they wish to participate.

At CDGcommerce, we’ve always been advocates of merchants having a true choice in what services they want or need for their businesses. And we have been working hard for several years to put together a fresh alternative in the form of our new bundle solution, cdg360, which is designed to tackle all of the above challenges in a single, comprehensive solution that actually WORKS to achieve both Security & Compliance for the typical business.

Best of all, while we are required by insurance industry regulations pertaining to the protection plan component to pre-enroll all merchants in this plan due to the shared risk structure that exists for it, I want to stress that this IS an optional value-added service. So while pre-enrollment *was* required, participation is *not* mandatory and you DO always have the right and ability to opt out of this program if you do not feel that it provides value to your business.

The full details are viewable online at www.cdg360.com but these are the key highlights of what we are including in cdg360:

* $100,000 Protection Plan – this helps protect you in the event of a suspected or actual security breach and can cover costs including forensics investigation expenses, card replacement costs, penalty fees and other expenses up to the plan limits. This plan can even cover losses due to employee data theft and other scenarios not covered by most other plans.

* Vulnerability Scanning – this provides ongoing analysis of your Web site and public-facing Internet addresses with the goal of finding potential vulnerabilities before black hat hackers exploit them. After all, comprehensive security requires much more than just four quarterly snapshots and new threats and vulnerabilities are always emerging.

* Staff Security Awareness Training – this provides online training to you and your staff to improve security and in doing so addresses what is often times the most common target of opportunity: end users. We have seen companies invest millions in state-of-the-art security hardware only to be thwarted by a simple attack or basic social engineering tactics directed at an inexperienced staff member so this is an area that until now has been almost completely unaddressed for the average small-to-medium sized business and we want to change that.

* Customized Security Alerts – this generates security alerts specific to your business to help keep you “in the know” about just the systems that you actually use while not bothering you about systems that do not apply to you. This tool lets you build a profile of the systems that you use and helps provide valuable alerts whenever a new pertinent threat emerges and/or an important security patch is required.

These solutions were all designed with the singular goal of helping you to secure your critical business IT & payment processing infrastructures with easy-to-use and effective tools. You’ve asked us for solutions to help in these areas and this is our answer to those needs… with even more features to come in the months ahead.

On the financial side, just portions of the above solution easily represent $1,500-2,500 per year if a business were to purchase them “à la carte” from various vendors in the industry. However, for our entire merchant base we have been able to put this all together for a very minimal additional cost of only $15/month – less than fifty cents per day. We are also offering an even lower cost version of the bundle with just the $100,000 Protection Plan if you decide that you do not want the other included services.

In addition, to make it even easier for you to determine if our cdg360 program will be worthwhile for your business I am pleased to announce that we are going to provide cdg360 -FREE- for you during the entire month of September to provide you with a full 30 days to evaluate the program and all of its features at your leisure. If you wish to change your enrollment, you will be able to quickly & easily do so through your MerchantPortal under the upcoming cdg360 area.

Please note: due to both the new cdg360 features and some slight verbiage changes with our vendors we are also going to be sending out a separate e-mail next week with an e-sign request to take care of the legalese side of things. This will have absolutely no bearing on any pricing or enrollment status; we simply need the new modified agreement for our files.

As always, I truly welcome your feedback, comments and questions and our dedicated staff is here to help you as well with anything that you need. We have always been focused on providing all of our valued clients with the very best payment solutions in the industry and we are tremendously excited to be in a position to also help you with your requests in the areas of security & compliance now as well.

Best regards,
Chris West CEO
888.586.3346 x802
310.388.1224 fax
