fhs
Volume 7, Number 6 -- February 13, 2007

Security Vendors Form PCI Alliance

Published: February 13, 2007

by Alex Woodie

Compared to the mysterious and daunting nature of Sarbanes-Oxley, the technical steps that companies must take to comply with the Payment Card Industry (PCI) data security standard are crystal clear. Just the same, questions on PCI remain. As of last month, thanks to the creation of the PCI Security Vendor Alliance, there's an organization dedicated to providing answers.

In 2005, the card payment industry started implementing minimum security guidelines that companies must follow to ensure the safety of sensitive data included in credit, debit, gift, and point of sale (POS) transactions. A vendor that failed to adopt the guidelines--first implemented by Visa with its Cardholder Information Security Program (CISP) and later adopted industry-wide via PCI--would face fines ranging into the hundreds of thousands of dollars, and eventually banishment from the electronic payment network for continued negligence.

Luckily for systems administrators, the PCI group outlined relatively clear technical goals for achieving compliance, including having basic network security such as a firewall and antivirus software, encrypting data in transit, implementing tight user-access controls, and tracking and monitoring mechanisms.

However, there's still a lack of awareness of PCI, says Jon Oltsik, a senior analyst with the Enterprise Strategy Group, an IT analyst group focused on storage issues. "Even with all the press on data security breaches and the corporate and personal costs that accrue from them, there is still only limited awareness of the PCI data security standards," Oltsik says.

That's where the PCI SVA comes in. The group was founded by eight security software companies last month to educate technology users about PCI, and to spread the PCI gospel to technology and solution providers as well.

The eight co-founders--including ConfigureSoft, Cyber-Ark, Modulo Security, Proginet, Protegrity, Reflex Security, SafeNet, and Verisign--say they plan to create a series of case studies, seminars, return-on-investment analyses, and white papers showing how organizations may achieve compliance with the PCI DSS requirements efficiently and on-budget.

Two things that the PCI SVA will not do is certify security products or services, or certify companies PCI remediation activities. Any product certification for the PCI's Data Security Standard (DSS) is handled by the PCI Security Standards Council itself, whereas the final determination of compliance is made by the individual credit card brands or by certified auditors.

For more information about the PCI SVA, including an application form for vendors wishing to join the group, go to www.pcialliance.org.


                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Sponsored By
RJS SOFTWARE SYSTEMS

Are Your Documents Safe?

Protecting business data is not an option.
With WebDocs you get a document and image management system
that allows you to safeguard data against disaster and misfiling.
WebDocs helps you decrease paper, storage and distribution costs,
increase productivity, and improve customer service.

Visit us at www.rjssoftware.com
or call us at 888-RJS-SOFT for a free 30-day demo.
Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

Bytware:  StandGuard Network Security 3.0, the next generation of System i security
nuBridges:  Leading provider of secure FTP on the iSeries
COMMON:  Join us at the 2007 conference, April 29 – May 3, in Anaheim, California

Books on Sale at the IT Jungle Store: 30 Percent Off for 30 Days

The System i Pocket RPG & RPG IV Guide: List Price, $69.95; Sale Price, $49.00
The iSeries Pocket Database Guide: List Price, $59.00; Sale Price, $41.00
The iSeries Pocket Developers' Guide: List Price, $59.00; Sale Price, $41.00
The iSeries Pocket SQL Guide: List Price, $59.00; Sale Price, $41.00
The iSeries Pocket Query Guide: List Price, $49.00; Sale Price, $34.00
The iSeries Pocket WebFacing Primer: List Price, $39.00; Sale Price, $27.00
Migrating to WebSphere Express for iSeries: List Price, $49.00; Sale Price, $34.00
iSeries Express Web Implementer's Guide: List Price, $59.00; Sale Price, $41.00
Getting Started with WebSphere Development Studio for iSeries: List Price, $79.95; Sale Price, $56.00
Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00; Sale Price, $62.00
Getting Started with WebSphere Express for iSeries: List Price, $49.00; Sale Price, $34.00
WebFacing Application Design and Development Guide: List Price, $55.00; Sale Price, $38.00
Can the AS/400 Survive IBM?: List Price, $49.00; Sale Price, $34.00
The All-Everything Machine: List Price, $29.95; Sale Price, $21.00
Chip Wars: List Price, $29.95; Sale Price, $21.00
 
The Four Hundred
Faster i5 595 Rumored to Be Imminent

IBM Moves OS/400 V5R3 Towards the Door, Rejiggers i5 Prices

Zend Upgrades Commercial Add-Ons for Its PHP Engine

As I See It: The Elusive Leader

The Linux Beacon
PA Semi Samples Homegrown Dual-Core Power Chip

Intel, AMD Push and Pull for X64 Market Share

VMware, XenSource Launch Virtualization Bundles

The X Factor: One Socket to Rule Them All

Big Iron
Platform Solutions v IBM: Estoppel, Old Show Key

Top Mainframe Stories From Around the Web

Chats, Webinars, Seminars, Shows, and Other Happenings

Four Hundred Guru
Opportunities, Not Problems!

SQL Cross Platform Interoperability: The Proper Function

Admin Alert: Selectively Sending Break Messages to Active Users

System i PTF Guide
February 3, 2007: Volume 9, Number 5

January 27, 2007: Volume 9, Number 4

January 20, 2007: Volume 9, Number 3

January 13, 2007: Volume 9, Number 2

January 6, 2007: Volume 9, Number 1

December 30, 2006: Volume 8, Number 50

The Windows Observer
Microsoft Hits Snags in Anti-Piracy Net

AMD Delivers Faster and Cooler Rev F Opteron Chips

Microsoft Hypes the NAP, Unveils New Security Appliance

VMware, XenSource Launch Virtualization Bundles

The Unix Guardian
HP Puts Solaris on More X64 Servers, Partners for Solaris Emulation

Sun Details Server Chip Roadmaps at Analyst Summit

AMD Delivers Faster and Cooler Rev F Opteron Chips

The X Factor: One Socket to Rule Them All

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar

THIS ISSUE SPONSORED BY:

LANSA
Vision Solutions
LXI
SafeData
RJS Software Systems



TABLE OF CONTENTS
Lawson Brings Former Intentia ERP Suite Closer to Landmark

iSeries Web Adventures Call with iSafari

Valid Tech Assimilates Biometric Authentication Into the Enterprise

Gumbo's Dumpster Dives Into i5/OS Spool Files

News Briefs and Product Shorts:

Security Vendors Form PCI Alliance . . . nuBridges Adds Invoice Management Capabilities to Existing Products . . . Table Tennis Giant Finds Extol the Right Fit for B2B . . . WorksRight Boosts Canadian Postal Code Processing . . . Agilon to Resell Linoma's Transfer Anywhere Tool . . . XAware Updates Integration Software . . .

Four Hundred Stuff

BACK ISSUES





 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement