Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:47 AM
Nancy Feig
Nancy Feig
Connect Directly

Data Security Firms Establish PCI Security Vendor Alliance

Organization aims to develop, raise awareness of payment card standards.

Eight data security companies have formed an alliance to educate the business community on the requirements and the business value of the Payment Card Industry Data Security Standard (PCI DSS). The new Payment Card Industry Security Vendor Alliance (PCI SVA) will develop products and services to assist members of the payment card industry and the PCI Security Standards Council composed of merchants, banks and point-of-sale vendors in education and compliance about the standard, a global benchmark intended to improve security throughout the entire payment card transaction process.

The PCI DSS is built around five principles and 12 accompanying requirements. The principles include: build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measurements, regularly monitor and control networks, and maintain an information security policy.

Founding members of PCI SVA ConfigureSoft Inc., Cyber Ark Inc., Modulo Security, Proginet Inc., Protegrity USA Inc., Reflex Security, SafeNet Inc., and Verisign will also support the business community by providing flexible PCI Data Security Standard solutions to address the needs of system integrators and business users. According to the group's Web site, each of the founding members is a vendor that offers products and/or services that deliver compliance with one of more of the 12 PCI DSS. The groups also says its looking for additional members that will provide all the data functionality required by the PCI DSS.

"Even with all the press on data security breaches and the corporate and personal costs that accrue from them, there is still only limited awareness of the PCI data security standards," said Jon Oltsik, senior analyst, Enterprise Strategy Group. "The standards impose compliance rules that enterprises handling credit or debit card data must resolve from business and technology perspectives. The PCI SVI is a valuable component in addressing this issue holistically."

To demonstrate the business value of PCI DSS solutions, and their value in meeting other regulatory privacy and data security directives, the PCI SVA also plans to create a series of case studies, seminars, return-on-investment analyses and white papers showing how organizations may achieve compliance with the PCI DSS requirements efficiently and on budget.

Because the PCI DSS requirements are so detailed and market-stringent, the alliance advocates compliance to PCI DSS in meeting the numerous state, national and regional laws governing other business activities concerning systems security and privacy.

PCI SVA members plan to leverage this knowledge to support and complement the objectives of Visa, MasterCard, American Express, Discover and JCB in securing the sensitive data processed by their merchant partners.

Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.