Council will support companies in complying with the Payment Card Industry Security Standard
New York -- Modulo Security, specialized in technology for Risk Management, has just joined seven other security companies to found the PCI Security Vendor Alliance - PCI-SVA, whose purpose is to help companies that use payment cards comply with the Payment Card Industry Data Security Standard - PCI-DSS.
In order to increase awareness regarding data traffic security in companies using payment cards, the PCI-SVA will also assist the PCI Security Standards Council - composed of merchants, banks and point-of-sale vendors - in educating the business community on the requirements and business value of the Payment Card Industry Data Security Standard.
Founding members of PCI SVA (Modulo Security, ConfigureSoft, Cyber-Ark, Proginet, Protegrity, Reflex Security, SafeNet and Verisign), who have extensive experience in developing solutions to support compliance with the PCI-DSS, also plan to create a series of case studies, seminars, return-on-investment analyses, and white papers showing how organizations may achieve compliance with the PCI-DSS requirements efficiently and on-budget. "This material will help companies understand how some solutions can help PCI-DSS compliance," says Alvaro Lima, Modulo's co-founder.
One of the PCI SVA's objectives is to associate the PCI standard with other state, regional and national laws and regulations governing information security. "PCI DSS requirements are very detailed and market-stringent. Associating them with other business requirements would make it easier for commercial establishments to maintain best security practices," explains Lima. "A case of fraud or security breach in any company which is not compliant with the standard set by PCI may cause the company to face heavy fines," he adds.
Specific PCI-DSS solution
In order to help companies comply with the requirements set forth in the PCI-DSS, Modulo has launched a specific knowledge base to automate compliance with the standard in its software, Modulo Risk Manager™. The new PCI 1.1 knowledge base uses the newest version of PCI-DSS, approved in September 2006. It became effective in the United States as of January 2007 and helps companies guarantee compliance with best practices for handling, transmission, and storage. In addition, this new knowledge base will allow commercial organizations to better manage their risks, prioritizing actions to be implemented.
"Companies that do not use compliant payment applications may be punished or even removed from the payment card network in the coming years," explains Alvaro Lima.
Understanding the PCI-DSS standard
PCI-DSS is an information security standard for commercial organizations that accept credit and debit cards as a form of payment. It establishes security guidelines for organizations affiliated with credit/debit card companies, such as processors, payment gateways, and, soon, issuing banks. These requirements vary according to the number of transactions performed by the commercial organization and aim to reduce the incidence of fraud involving credit cards.
The PCI standard has controls pertaining to network protection, data encryption, physical and logical access control, monitoring of activities, and others. Some of these controls stand out from the rest. These include those defining procedures for protecting information such as identifiers or passwords in various environments, physical stores and web-based applications in e-commerce.
Among businesses that will undergo this type of audit are retail networks and fast-food chains, aviation companies, large e-commerce organizations and telephone-based businesses.
For more information about the PCI SVA, see www.pcialliance.org and www.modulo.com