Dr. Dobb's | Data Security Firms Establish PCI Security Vendor Alliance

Data Security Firms Establish PCI Security Vendor Alliance

Organization aims to develop raise awareness of payment card standards.

February 06, 2007
URL:http://www.drdobbs.com/security/data-security-firms-establish-pci-securi/197003749

Eight data security companies have formed an alliance to educate the business community on the requirements and the business value of the Payment Card Industry Data Security Standard (PCI DSS). The new Payment Card Industry Security Vendor Alliance (PCI SVA) will develop products and services to assist members of the payment card industry and the PCI Security Standards Council composed of merchants, banks and point-of-sale vendors in education and compliance about the standard, a global benchmark intended to improve security throughout the entire payment card transaction process.

The PCI DSS is built around five principles and 12 accompanying requirements. The principles include: build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measurements, regularly monitor and control networks, and maintain an information security policy.

Founding members of PCI SVA ConfigureSoft Inc., Cyber Ark Inc., Modulo Security, Proginet Inc., Protegrity USA Inc., Reflex Security, SafeNet Inc., and Verisign will also support the business community by providing flexible PCI Data Security Standard solutions to address the needs of system integrators and business users. According to the group's Web site, each of the founding members is a vendor that offers products and/or services that deliver compliance with one of more of the 12 PCI DSS. The groups also says its looking for additional members that will provide all the data functionality required by the PCI DSS.

"Even with all the press on data security breaches and the corporate and personal costs that accrue from them, there is still only limited awareness of the PCI data security standards," said Jon Oltsik, senior analyst, Enterprise Strategy Group. "The standards impose compliance rules that enterprises handling credit or debit card data must resolve from business and technology perspectives. The PCI SVI is a valuable component in addressing this issue holistically."

To demonstrate the business value of PCI DSS solutions, and their value in meeting other regulatory privacy and data security directives, the PCI SVA also plans to create a series of case studies, seminars, return-on-investment analyses and white papers showing how organizations may achieve compliance with the PCI DSS requirements efficiently and on budget.

Because the PCI DSS requirements are so detailed and market-stringent, the alliance advocates compliance to PCI DSS in meeting the numerous state, national and regional laws governing other business activities concerning systems security and privacy.

PCI SVA members plan to leverage this knowledge to support and complement the objectives of Visa, MasterCard, American Express, Discover and JCB in securing the sensitive data processed by their merchant partners.