
Internet Retailing


Evolution helps with card payment standard compliance

Digital security managed services provider Evolution Systems has been accepted by the Payment Card Industry (PCI) council as a Qualified Security Auditor to help companies comply with the new PCI Data Security Standard (PCI DSS). All companies processing or storing credit card data are required to comply with the standards.

The PCI DSS is intended to give companies handling credit card transactions a framework and set of guidelines for doing so securely. At its core are specific elements relating to the build and maintenance of a secure network, protection and encryption of cardholder data, management and monitoring of vulnerabilities and threats, implementation of strong access control measures, regular monitoring and testing, and maintenance of an information security policy.

Evolution Systems says that many organisations which should be in compliance with the PCI standard fall some way short, and the result can be a security breach which will lead to both one-off and ongoing fines.

Information security specialist Cybertrust has recently agreed to collaborate with Cisco in developing solutions to assist retailers in achieving compliance with the PCI DSS. As part of the Cisco PCI Solution in Retail, a set of recommended and audited network architectures that can be tailored for each retailer's specific store footprint and application needs, Cybertrust has provided its PCI subject matter expertise to validate that the Cisco solutions are optimised for PCI compliance.

"Retailers of all sizes are challenged to demonstrate ongoing compliance with the PCI DSS. Compliance requires not only the right infrastructure, but also the people, policies and processes that will adapt to the evolving security threat environment," said Kerry Bailey, Cybertrust Senior Vice President, Global Services. According to the PCI Security Standards Council: "The security of customer payment data is not just a payment brand issue but is the responsibility of all businesses that participate in the payment process. All merchants and service providers that store, process and transmit payment card data are required by the payment brands to comply with the PCI Data Security Standard - their customers expect it and their reputations depend on it."

The PCI Security Standards Council was formed in September 2006 by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International. The independent council aims to manage the ongoing evolution of the PCI DSS and will specifically:

  • Develop and maintain a global, industry-wide technical data security standard for the protection of accountholder account information;

  • Reduce costs and lead times for Data Security Standard implementation and compliance by establishing common technical standards and audit procedures for use by all payment brands;

  • Provide a list of globally available, qualified security solution providers via its Web site to help the industry achieve compliance;

  • Lead training, education, and a streamlined process for certifying Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs), providing a single source of approval recognized by all five founding members;

  • Provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of data security standards.

Emma Herrod