Saturday , December 14, 2024

Trustwave Hitches Its Planned Public Offering to the PCI Star

Data-security services and software specialist Trustwave Holdings Inc. served notice last week that it is planning a $100 million initial public offering, the first such IPO by a company heavily vested in services and technology for the Payment Card Industry data-security standard, or PCI.

Chicago-based Trustwave’s registration statement, filed with the Securities and Exchange Commission, says the company plans to use the proceeds of the IPO for general corporate purchases. The company has been growing revenues at a 43% compounded annual rate in the last five years, hitting $111.5 million in 2010, but has lost money and is carrying a $24.1 million accumulated deficit. A Trustwave spokesperson declined to talk about the pending IPO, citing a so-called quiet period. The IPO’s date hasn’t been set yet.

Trustwave’s products include technology such as the TrustKeeper software-as-a-service system for PCI compliance, which has 1.6 million enrollees. Its services include PCI assessments (the company is a so-called Qualified Security Assessor, or QSA) and its SpiderLabs unit investigates data breaches. Trustwave has 75 companies in its partner network that in turn supply or assist merchants and other business customers with data security. Clients include the leading merchant acquirers as well as Visa Inc., American Express Co., and Discover Financial Services.

The company also provides compliance services to businesses for other standards and laws such as the federal Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA), and various other federal, state, and international regulations and standards, but PCI is its bread and butter.

“If any company has cashed in on PCI, it’s Trustwave,” Avivah Litan, technology analyst at Stamford, Conn.-based Gartner Inc., tells Digital Transactions News by e-mail. “They make money on both sides: performing PCI assessments and selling security remediation services.” She adds that, “We’ve always thought this is a big conflict of interest, performing PCI assessments and selling security remediation services,” but the PCI Council, which administers and updates PCI and associated standards, hasn’t changed its rules to prohibit such practices.

Trustwave’s filing indicates the company sees plenty of upside in PCI, which is a global standard. The partner network includes about 6 million merchant locations, but MasterCard Inc. had about 30 million acceptance locations worldwide as of December, according to the filing. “PCI has been a bonanza for folks that have any kind of security background,” says George Peabody, director of the emerging technologies advisory service at Mercator Advisory Group Inc.

PCI isn’t a sure bet, however. The filing notes that Trustwave’s business could be hurt if it fails to adapt to changes in the PCI standards or if governments adopt laws or regulations that conflict with PCI. Plus, emerging technologies, including the EMV chip-and-PIN smart card, could cause customers and prospective customers to perceive Trustwave’s “solutions as less critical to their businesses,” the filing says.

The filing also notes that Trustwave’s reputation could be harmed if a client suffers a data breach, whether or not Trustwave was responsible. Trustwave, however, did the last PCI audit before processor Heartland Data Systems Inc. reported the card industry’s biggest data breach ever, and it apparently suffered no long-term damage. “According to our survey data, Heartland didn’t hurt their business,” says Litan. “They still command a very comfortable lead over their competitors.”

Trustwave chairman, president, and chief executive Robert J. McCullen was a senior director at VeriSign Inc. before co-founding security-services firm Ambiron LLC in 2002. Ambiron merged with Trustwave Corp. in March 2005.

Check Also

Slope Taps Marqeta for a B2B BNPL Card; Equipifi Partners With Synergent on BNPL

Slope, a provider of buy now, pay later solutions for business-to-business transactions, announced early Thursday …

Digital Transactions