The Retail Industry

Work with Mercury Z for retail-specific security services, project support, field installations, and much more!

Retail Security Services

Businesses in the retail sector can greatly benefit from security services as they strive to meet the regulatory industry standards within which they must operate, and to verify that the various components of their organization are secure. Mercury Z offers PCI Compliant services to help you meet Payment Card Industry standards, which aim to guide organizations into providing customers with a secure cardholder data environment (CDE). We also provide a range of security services that identify vulnerabilities in your organization, from a Facility Breach Exercise (SSAE16) testing your physical security measures to stand-alone Vulnerability Assessments, Penetration Testing, and Social Engineering that identify any exploitable vulnerabilities in your network, systems, or personnel.

PCI Compliance

Mercury Z can help you meet Payment Card Industry Data Security Standards by offering you key security services, and guiding you through a potentially complex process. We can help you to ensure that you take the right steps towards providing your customers with a secure data transfer environment, by working with you to check off PCI Compliance requirements. Mercury Z can provide assistance in finding the right experts for you to verify that you have met the relevant requirements and performed the necessary scans. We can find you the following security entities to assist you in this process:

  • Approved Scanning Vendor (ASV) – vulnerability scans of externally facing payment devices
  • Qualified Security Assessor (QSA) – a certified consultant conducts an on-site assessment

Mercury Z security consultants are available to explain the terms and requirements of PCI compliance, how to obtain it, and the next steps you need to take.

Mercury Z security consultants also recommend more frequent Vulnerability Assessments and Penetration Testing as well as Social Engineering services to identify any vulnerabilities that your business may currently have and to advise on remediations.

Vulnerability Assessment / Scan (Tier 1)

Using public domain tools and custom scripting, Mercury Z provides you with an internal and/or external scan of your enterprise to identify known vulnerabilities. By revealing what these vulnerabilities are, you will be in a better position to assess the level of your current risk and make more informed decisions as to what improvements need to be made.

The Mercury Z process:

  • Obtain publicly available information on your internet exposure
  • Perform initial scan to identify live hosts and confirm targets
  • Internal and/or external scan of each IP address/Live Host in the test plan (computers, networks, webapps/servers) – internal scans are initiated from an appliance located within your network
  • Close-out report that ranks vulnerabilities from critical to low, with recommendations for remediation of vulnerabilities

Penetration Testing / Ethical Hack (Tier 2)

Mercury Z conducts an initial Vulnerability Assessment to identify specific attack vectors. Once vectors are identified, a certified ethical hacker will attempt to exploit the identified vulnerabilities.

The Mercury Z process:

  • Includes all components of the Vulnerability Assessment
  • Tests your security tools by exploiting identified vulnerabilities via real-world attack vectors to attempt to gain unauthorized access to internal servers/applications
  • May attempt to escalate exploited privileges and perform password cracking
  • Close-out report with demonstrated targets that were breached

Social Engineering Services

Social Engineering is a non-technical method by which hackers trick people into divulging personal information or breaking normal workplace security protocols in order to obtain privileged data. This can happen over the phone, via the Internet, or even in person.

Email Phishing service

Mercury Z provides you with an email phishing service whereby a prepared email is sent out to the client’s employees to test their awareness and reactions to an attempt to gain privileged information from them. Hackers typically achieve this by pretending to be a trustworthy entity, and using misleading emails or hypertext links to a false website.

The Mercury Z process:

  • Consultation – working with Mercury Z to determine the ‘targets’ (departments, employees, executives, etc.)
  • Create the email – agree on the content and layout of the email to be sent
  • Create authentication server – a custom webpage is prepared to collect all of the responses to the email
  • Send the email – the prepared email is sent and the server then captures actions and credentials as provided
  • Delivery of report and follow-up discussion – a report of the number of responses and the information they contained is compiled by Mercury Z and then presented to the client. Through a consultative process, Mercury Z discusses the issues presented in the report and makes suggestions as to potential steps to take to improve security. Typically, a security seminar for training and further education is highly recommended.

Pretexting service

Pretexting is a kind of social engineering whereby a hacker uses non-technical methods to manipulate an employee into providing secure credentials. This is typically done by creating a scenario where the hacker pretends to be in a position of authority and attempts to trick an employee into providing confidential information. To combat this risk, Mercury Z provides a Pretexting service that establishes a scenario to test employees. This allows you to better assess your organization’s exposure to this kind of risk, as well as educate employees into adopting a more risk-aware mindset.

The Mercury Z process:

  • In consultation with a Mercury Z Consultant, discuss specific areas to target, which can include finance, operations, and HR among others.
  • The Mercury Z Consultant will learn about your business from you and information freely available in the public domain, which will be used to develop a call scenario to attempt to obtain privileged information.
  • Following the completion of the Pretexting service, you will be sent a report detailing those who have failed the test and the ID/PWD combinations that were given.

Social Engineering Security Seminar

Through a customized course on security, Mercury Z can create a seminar that focuses on your organization’s needs. This can be educational for all employees on the subject of Social Engineering (email phishing, pretexting, etc.). It can be specifically catered towards executives through a separate class if requested.

Mercury Z’s seminar can be delivered on-site with a session in the morning, and another in the afternoon. The Mercury Z Security Consultant delivering the seminar will be available between sessions to answer any general security questions. A video of the seminar can be recorded and customized with the corporate logo and an executive introduction. This can be used to facilitate remote worker training, new hire, and future training/refresher purposes.

Other Security Services

Risk Assessment & Gap Analysis

Mercury Z provides a risk assessment and gap analysis service for businesses operating in the data center industry or operating data centers in other industries, to ensure that they meet the regulatory standards that are required of them. Whether it’s HIPAA, PCI, SSAE16, Policy Reviews or other standards, a business that fails an audit can be subject to thousands or even millions of dollars in fines, not to mention lost business and corporate bad will. A compliance review and gap analysis through Mercury Z’s Security Services can help you to make sure that your company is prepared. Mercury Z will take you through a step-by-step process that reviews your systems for compliance, assesses the level of risk, and provides a report with a detailed gap analysis and steps for remediation.

Facility Breach Exercise (SSAE16)

Mercury Z offers you a Facility Breach Exercise so that you can test your physical security policies and procedures. Whether this exercise is targeted at your data center or your corporate environment, these policies should be documented and followed precisely. This exercise can be used to satisfy a segment of a gap analysis if you are seeking SSAE16 attestation.

  • Working with you to define the appropriate facilities and methods to “breach.”
  • Following the completion of the exercise, you will receive documentation of the facility breach with details on the extent that this breach was enabled by process or personnel.

Web Application Testing

Mercury Z’s Web Application Test is a multi-tiered effort building upon the vulnerability and penetration testing of the physical server and its software. This test provides confirmation that the development of an application has not introduced any additional vulnerabilities based upon the coding. Mercury Z can perform a full-scale security analysis of your web applications to determine your network’s risk of web intrusion. You will also receive recommendations on how to remediate any vulnerabilities.

Mobile Application Testing

Mobile Application Penetration Testing: Mercury Z provides an additional layer of testing that looks deeper into the mobile web application’s security. This includes verification of secure data storage, unintended data leakage, and improper session handling, to name a few. This testing can be completed on many mobile operating systems, including Android and iOS.

Mobile Application Code Review: This service takes an even deeper look into the mobile application at a coding level, verifying that it is properly written and that there are no exploitable vulnerabilities. This effort includes a manual source code review, industry tools that are used to “crawl” the code and identify vulnerabilities, etc., along with all of the components of the Mobile App Pen Testing.

Wireless Security Testing

A Wireless (WiFi) Security Assessment through Mercury Z analyzes your network’s wireless infrastructure and tests for potential vulnerabilities so you can be aware of potential back-door intrusions. A wireless security testing service exposes these potential threats so that your network is better protected from newer and more improved methods of hacking. An additional area of concern is the introduction of “rogue” or unauthorized Access Points (APs) to the environment. These rogue APs are not subject to the same controls as the authorized ones and therefore represent a significant risk. Mercury Z’s Wireless Security Testing locates these and enables you to have them removed.


Network forensics monitors and analyzes computer network traffic for information gathering, legal evidence, and intrusion detection. When cyber intrusions occur, Mercury Z can place a certified network security expert on your team to conduct a thorough investigation to discover the source of the attacks or other problem incidents and follow the process through the court system if necessary. We can help guide your organization to a safer and more protected presence on the web.


Get in Touch!

Telephone: (919) 439-5000
1150 SE Maynard Rd
Cary, NC 27511
263 13th Ave S, Suite 340
St Petersburg, FL 33701
