Vendor alliance wants PCI certification program

By Michael S. Mimoso, Editor, Information Security magazine
05 Feb 2007 | SearchSecurity.com and Information Security magazine

Enterprises clamoring for PCI-certified products and services are somewhat closer to having their wish fulfilled.

The Payment Card Industry Security Vendor Alliance was announced this week at RSA. The mission of its five founding members--Configuresoft, Protegrity USA, SafeNet, Proginet and Cyber-Ark--is to provide guidance on the products and services that can be used to achieve compliance with the PCI Data Security Standard (PCI), and ultimately get a PCI certification program off the ground.

PCI is a standard that dictates how credit card merchants must protect cardholder information. It applies to merchants that store, process or transmit cardholder information. Merchants that don't live up to the standard's 12 requirements run the risk of not being able to do business with the leading credit card companies, Visa, MasterCard and American Express.

PCI SVA member Chris Farrow, director of Configuresoft's Center for Policy and Compliance, said merchants are struggling to comply, in part because the PCI Security Standards Council has not invited vendors to join its ranks, nor does it certify products.

The council was founded by the leading credit card providers. Farrow hopes the formation of the SVA, which made a full call for participation this week at RSA, earns vendors a seat on the council. The council currently certifies PCI assessors and scanning vendors, and Farrow said that framework is a good start for a product and services certification program.

"We realize that's the tougher part of the mission. But customers have no guidance in picking vendors," Farrow said. "We'd like some endorsement--a warm-and-fuzzy--that says 'we've seen your work and it's viable if implemented.' "

The founding members said SVA will provide educational and advisory services to the payment card industry via its site www.pcialliance.org, analyst briefings, conference presentations and live seminars.

"By educating the community about the technology and services available to automate compliance, merchants will be able to achieve compliance sooner, and therefore receive the overall business benefits of compliance earlier in the process," said David Taylor, VP of Data Security Strategies at Protegrity USA.
