BillingTree® announced it has once again successfully passed the PCI-DSS audit, this year audited under the new PCI 3.0 standards. The new PCI-DSS is designed with an increased focus on operational standards, security and training to provide greater clarity, flexibility and ease of implementation for vendors. The latest announcement is a continuation of BillingTree’s commitment to remaining at the leading edge of industry compliance.
Calpian has selected Conformance Technologies’ PCI ToolKit and TINMatch ToolKit offerings. Calpian will use the PCI ToolKit solution for PCI DSS merchant portfolio compliance validation, and the TINMatch ToolKit for merchant business entity name and federal TIN matching.
ControlScan and TSYS’ ProPay team up to provide PCI compliance solutions for small- and medium-sized merchants. TSYS says complying with PCI DSS can be a daunting task for any merchant, especially for small- to medium-sized merchants. While utilizing products such as ProPay’s ProtectPay encryption and tokenization solution can significantly reduce a merchant’s PCI DSS burden, all merchants must still comply with the Standard.
Fibernet Internet Service Provider passed PCI and SOC 1 Type II Certification security standards. It also received SSAE16 SOC 1 Type II certification. The attestation was awarded to Fibernet by Cadence Assurance. All data centers must complete the certification requirements of PCI security. Regulations involve the human resources training programs, restriction of personnel who have physical access to the data center, and protection against environmental hazards. Fibernet Corp. has completed SOC 1 Type II certification, which requires demonstrable compliance with the standards for an entire year; Type I certification only requires compliance at the time of attestation. Fibernet Corp. is one of the first businesses to become an approved service provider by the credit card industry.
Acumera Trusted Connection Services for convenience stores launched its PCI Audit Support to accelerate PCI compliance audits as part of Acumera’s PCI Tools solution. Acumera’s PCI Tools include automated external vulnerability scans with historical archiving, logging of PCI-related events, dynamically generated site network diagrams and clear identification of non-PCI payment application devices in the cardholder data environment. Acumera has completed its own PCI DSS compliance assessment and obtained an annual report on compliance (ROC), becoming a fully compliant service provider. Coalfire, a Qualified Security Assessor (QSA) firm, successfully completed the testing and controls validation of Acumera as a network and security service provider.
Harland Clarke Marketing Services has received PCI DSS certification at its production facility, with Verizon Business performing the assessment required for certification. Harland Clarke’s Card Services business also received an Attestation of Compliance with PCI standards from Verizon Business. Harland Clarke implements a defense-in-depth strategy, which combines physical control measures with logical control measures, uses a layered security model to provide end-to-end security of client and customer information, and mitigates risk across the supply chain.
cleverbridge e-commerce provider for digital products received PCI DSS Level 1 compliance for the third consecutive year. Having demonstrated full compliance with PCI DSS Level 1 to provide a secure e-commerce environment for its clients, cleverbridge passed the most rigorous data security assessment designated by PCI for the world’s largest merchants and service providers. To prevent its clients from becoming targets, cleverbridge proactively manages data privacy and protection by implementing the most up-to-date compliance protection measures and technology such as encryption, firewalls, identity and access management systems and more.
Knoah Solutions completed its compliance audit by TÜV Rheinland Group and was given an Attestation of Compliance for PCI-DSS certification. The TÜV Rheinland Group is a leading provider of technical services worldwide. Knoah Solutions’ business process outsourcing (BPO) services have provided low-cost, multi-channel customer service and technical support. Their largest client earned the J.D. Power & Associates customer service award three years in a row.
Zix Corporation (ZixCorp) email encryption services has been recognized as compliant with PCI DSS, having achieved the highest standard with Level 1 compliance based on DSS version 2.0. Now companies transmitting payment card information to individual customers or other businesses via “ZixPort” can be confident that they are adhering to the financial industry’s highest standards for data privacy and security. Using ZixPort can help senders to comply with financial privacy regulations, such as the Gramm-Leach-Bliley Act. Accretive Solutions is a national consulting firm and a recognized PCI DSS auditor. Accretive Solutions reviewed ZixCorp’s application for compliance and approved ZixCorp’s letter of attestation of compliance assessments for service providers.
Qualys on demand IT security risk and compliance management solutions has released its “QualysGuard PCI 5.0.” Offering customers a simplified way to meet the latest PCI DSS compliance requirements, the dashboard includes updates following new Approved Scanning Vendor (ASV) requirements released in March 2010, and a simplified user interface (UI) with workflows, helping customers easily and accurately detect security vulnerabilities, and efficiently remediate issues for PCI compliance. The “QualysGuard PCI” compliance solution is used by 68% of all ASVs and 46% of Qualified Security Assessors (QSAs) to help merchants with PCI DSS certification and validation. New features include an “Asset Scoping Wizard” to walk customers through the process of identifying IPs and domains that are in scope for PCI compliance; a “Compliance Wizard” to help customers through each step of the process in an informative manner; and “Interactive Reports,” which include a new format with additional content, revised scoring terminology (High, Medium and Low), and sections for attestations.
PCI DSS compliance provider Vendor Safe Technologies has signed a long term agreement with restaurant chain Quaker Steak & Lube to implement a single source Payment Card Industry Data Security Standard compliance solution. The PCI Managed Security portfolio enables restaurants and other credit card merchants to secure their environment with solutions that include “Global Security Mesh/VPN”, a managed gateway solution providing best-in-class security; “IP Data Blocker”, which prevents data transmission to unauthorized IP addresses; “Rogue Device Manager”, which issues alerts to the IT staff when any device is added to the LAN; and “HotSpot Plus”, a robust wireless solution with four segregated wireless networks. The suite also includes Vulnerability Scans that proactively identify weaknesses with an all-inclusive assessment and are Approved Scanning Vendor (ASV) program compliant, with internal and external scans available; the “SAQuick” Questionnaire, which lets merchants easily complete the Self-Assessment Questionnaire and Attestation of Compliance required by the PCI DSS with an automated, online questionnaire; and the “TrustVault Certificate” that covers up to $50,000 in direct breach
Visa has issued global mandates for “PCI DSS” compliance that sets September 30, 2009 as the deadline for “Prohibited Data Storage” and September 30, 2010 as the deadline for “Compliance Validation.” Visa will require confirmation from acquirers by September 30, 2009 that their “Level 1” and “Level 2” merchants do not retain sensitive payment card data such as full magnetic stripe (also known as track data), security codes or PIN data after transaction authorization. Furthermore, Visa will require acquirers to provide an “Attestation of Compliance” for each of their Level 1 merchants demonstrating that each has validated full “PCI DSS” compliance by September 30, 2010. After that date, Visa will impose appropriate risk controls, up to and including acquirer fines for failure to provide an attestation form to Visa confirming that each of its “Level 1” merchants has validated full “PCI DSS” compliance. Effective February 1, 2009, Visa will only require submission of an executed Attestation of Compliance Form and the “Executive Summary” section of the service provider’s Report on Compliance (ROC) to demonstrate full PCI DSS compliance as a Level 1 service provider. Level 2 service providers will submit version D of the Self-Assessment Questionnaire (SAQ). Issuers and acquirers are responsible for reviewing the accuracy of the SAQ.