Enterprises clamoring for PCI-certified products and services are a somewhat closer to having their wish fulfilled.
PCI is a standard that dictates how credit card merchants must protect cardholder information. It applies to merchants that store, process or transmit cardholder information. Merchants that don't live up to the standard's 12 requirements run the risk of not being able to do business with the leading credit card companies, Visa, MasterCard and American Express.
The council was founded by the leading credit card providers. Farrow hopes the formation of the SVA, which made a full call for participation this week at RSA, earns vendors a seat on the council. The council currently certifies PCI assessors and scanning vendors, and Farrow said that framework is a good start for a product and services certification program.
"We realize that's the tougher part of the mission. But customers have no guidance in picking vendors," Farrow said. "We'd like some endorsement--a warm-and-fuzzy--that says 'we've seen your work and it's viable if implemented.' "
The founding members said SVA will provide educational and advisory services to the payment card industry via its site www.pcialliance.org, analyst briefings, conference presentations and live seminars.
"By educating the community about the technology and services available to automate compliance, merchants will be able to achieve compliance sooner, and therefore receive the overall business benefits of compliance earlier in the process," said David Taylor, VP of Data Security Strategies at Protegrity USA.