VeriSign Achieves Three Industry Security Certifications for Payments Services

Each certification underscores a strong VeriSign commitment to making security a central focus of its development efforts and protecting the safety and integrity of customer data. Visa CISP is a set of 12 industry-wide requirements designed to protect sensitive information from being compromised. As part of the certification process, VeriSign employed an independent, Visa-qualified, auditor to perform a thorough inspection of the VeriSign payment processing environment. This process included an intensive review of the procedures VeriSign uses to classify, access, and store sensitive information. In addition, VeriSign performed and in-depth analysis of network and system architecture, a complete assessment of IT policies and procedures, and an on-site inspection of physical data-center facilities. Complying with MasterCard SDP involved a two-step process. VeriSign completed a self-evaluation of its security procedures, with a detailed analysis of its Web infrastructure, to showcase VeriSigns compliance with MasterCard standards. MasterCard then performed compliance testing, scanning VeriSign Payment Services solutions in a controlled environment to ascertain their viability. The SAS70 compliance process involves a formal, in-depth report by a third party auditor that analyzes the design, implementation, and operational effectiveness of the controls that reside within a service organization. The SAS70 audit report allows service organizations to disclose their control activities and processes to customers, thus demonstrating adequate controls and safeguards are in place. The addition of Section 404 of the Sarbanes-Oxley Act make SAS70 audit reports even more important to the process of reporting effective internal controls.