CyberSource Launches Payment Card Industry Security Compliance Service

Merchants welcomed the announcement of the standard last year -- instead of having to comply with several disparate programs, they could focus efforts on certifying to one core standard. But as the June 30 deadline for compliance approaches, a relatively small number of merchants are fully prepared. CyberSources new service is designed to help merchants meet the fast approaching deadline by applying its unique payment expertise, supporting not just simple compliance, but true payment security and operating efficiency. Why should merchants certify? Most merchants will be required by their acquiring bank to certify to the PCI program no later than June 30th, 2005. Merchants not PCI certified could face fines as high as $500,000 or be permanently barred from the card acceptance program. Certification is a proactive step by the card associations aimed at limiting the growing threat of cardholder information theft. For eCommerce merchants, cardholder security breaches can threaten the overall value of a business, seriously impacting customer and investor trust and loyalty long after the story has faded from the headlines. CyberSources certification process -- with a payment emphasis CyberSource is a payment solutions expert -- not just a security assurance vendor. Depending on a merchants eCommerce environment, standard PCI compliance may not be sufficient to achieve full payment security. What we are offering is not a quick scan and audit, said Glaser, but an education, a focus on operational readiness, and an operating methodology that results in true payment security. We serve as our customers trusted advisor in certification as it relates to payment solutions and security. eCommerce merchants will receive a solution that is PCI compliant, offers truly comprehensive payment security, and is payment operations-savvy. Comprehensive services The CyberSource service engagement focuses on a set of three proven readiness phases, followed by an independent audit. The readiness effort begins with compliance planning, carried out with all appropriate customer stakeholders. This stage is followed by a pre-assessment audit in which all affected systems, policies, and processes are reviewed and a detailed list of projects required to achieve compliance is compiled. Remediation then addresses those compliance gaps and concludes with a statement of audit readiness. At this point, CyberSource engages a third party for an independent compliance audit. Following compliance, CyberSource offers compliance maintenance services by managing quarterly vulnerability scans, assessing scan results, monitoring changes in PCI requirements and managing associated readiness efforts. Audit integrity CyberSource manages its customers readiness efforts, but utilizes a separate vendor to validate the work done. This helps maximize the quality of the work and the customers confidence in the audit. While the merchant is free to select any Qualified Security Assessor, CyberSources preferred auditor has extensive payment expertise. That way, both the remediation efforts and the certification of those efforts are conducted with an awareness of the special needs of payment operations. Faster project completion CyberSources industry-leading experience in eCommerce payment means the company has implemented solutions across a broad spectrum of industries and customer profiles. CyberSource has developed risk management and payment solutions in some of the worlds largest and best-known multi-channel retailers. This translates to confidence and speed of completion for any remediation efforts required to meet compliance, including compensating controls that may not be evident to firms lacking deep payment expertise. CyberSource and security compliance PCI compliance is one part of CyberSources comprehensive portfolio of risk