Qualys Introduces MasterCard Site Data Protection Compliance Solution

As an SDP compliant scanning vendor, Qualys is certified to help online merchants and their consultants evaluate the security of Web sites that store MasterCard account data, and achieve compliance with the Payment Card Industry (PCI) Data Security Standard. Beginning June 30, 2005, MasterCard will require online merchants processing over $125,000 in monthly MasterCard gross volume to perform an annual self-assessment and quarterly network scan. Qualys has achieved compliance status by proving their ability to detect, identify and report vulnerabilities common to flawed web site architectures and configurations. These vulnerabilities, if not patched in actual merchant Web sites, could potentially lead to an unauthorized intrusion. By proactively identifying and providing the opportunity to remedy such vulnerabilities, SDP-compliant products offer a means for reducing risk of intrusion and data compromise. The QualysGuard vulnerability management solution now includes a pre-defined scan profile that enables merchants and their consultants to scan payment systems according to MasterCard’s requirements. QualysGuard provides merchants and consultants with a blueprint for correcting found vulnerabilities. In order to achieve compliance, the merchant must correct all medium to severe security risks found by QualysGuard. Once merchants have fixed the vulnerabilities, QualysGuard auto-generates an SDP compliance report that can be submitted directly to the acquiring bank. The Vendor Compliance Program requires a two-step process. The first step is to complete an online application form, which can be found at the SDP Web site. The application provides MasterCard with an overview of the applying organization, along with a detailed assertion by the security vendor that their solution is compliant with or exceeds the requirements set forth in the MasterCard Security Standard. After applying for compliance testing, the second step is for vendors to undergo a rigorous evaluation cycle that spans across a wide range of Web servers, firewalls, and operating systems – an environment controlled and managed by MasterCard. The SDP Compliance Testing program is an expansion of MasterCard’s Site Data Protection Program, a comprehensive, proactive and cost-effective set of global e-commerce and financial security services designed to help protect the Web sites of its customer financial institutions, online merchants and other payment processors holding MasterCard account information. Pricing and Availability The MasterCard SDP compliance module will be available with QualysGuard 4.0 at the end of April, 2005. Pricing for the MasterCard SDP compliance module is $495 for QualysGuard Express customers and $2,495 for QualysGuard Enterprise customers. Qualys’ MasterCard SDP compliance reporting is also available through a number of its consulting partners, including: BDO Seidman, Digital Resources Group, Dimension Data, DynTek, Inc., FishNet Security Assessment Services, Fujitsu Transaction Solutions, Inc., Information Exchange, Inc., MasterCard SDP Service/Ubizen, NRM Network Risk Management, One-Sec, Ltd., Protiviti, Inc., and Strategic Profits, Inc.