
Company claims industry's first end-to-end solution for PCI compliance.



IBM has released a new program that provides products and services to help customers achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS). Unlike similar offerings, the comprehensive program is designed to take companies through the entire PCI compliance process, from assessment to compliance to certification, helping them meet all 12 PCI requirements for safeguarding customer payment card data.

PCI is a global standard that applies to any company that processes, transmits or stores credit card information. The standard was created by credit card companies to help organisations prevent security breaches. Any company that processes credit card data today could be threatened by cyber-crime attacks, resulting in customer identity theft. Those companies that do not achieve PCI compliance could have their ability to process credit cards revoked, or could face increased processing costs. Given the far-reaching impacts security threats can have on organisations, non-compliant companies risk significant financial and customer losses and damaging effects on brand reputation. Despite the threats of fines and a recent rash of high-profile data breaches, the rate of PCI compliance is estimated to be less than 50 percent. In fact, according to a report by industry analyst firm Gartner, Inc., Visa USA indicates that, as of July 2007, 39 per cent of level-one merchants (defined as those that process more than 6 million transactions annually) and 33 per cent of level-two merchants (defined as those that process between 1 million and 6 million transactions annually) are compliant with the PCI Data Security Standard. (1)

"As many merchants have learned in recent years, meeting some or even most of the mandated PCI requirements is no longer sufficient," said IBM.

The Requirements

The PCI Data Security Standard is a set of 12 requirements for safeguarding payment card data. These requirements range from installing and maintaining firewall configurations to encrypting transmission of cardholder data and maintaining proper policies and testing procedures.

To help customers meet all 12 of these requirements, the PCI solution includes consulting services for compliance gap analysis, remediation, validation, ongoing testing and reporting, as well as a range of products that help organisations with each aspect of security planning, management and compliance reporting. These include security process assessment, security information and event management, storage management, encryption, identity and access management, change and configuration management, intrusion prevention systems, application layer testing and user activity monitoring software.

Additionally, IBM claims to be one of only three companies in the world that is globally certified to perform PCI Assessments, PCI Quarterly Network Scanning, PCI Payment Application Assessments and PCI Incident Response Services.

The five-phase program includes:

- Assessment -- This includes an overall "security health check" to understand areas for remediation and how to become and remain compliant.

- Design -- This phase involves development of security strategy, policies, standards and procedures, as well as incident response planning, security architecture design and implementation planning.

- Deployment -- This phase focuses on implementation and optimisation of security software and hardware to help secure customer data, both in motion and at rest, as well as on migration services and vulnerability remediation.

- Management -- This phase provides ongoing support through security monitoring and management software solutions, as well as staff augmentation and emergency response, forensic analysis and threat-analysis services.

- Education -- Ongoing product courses, training and security awareness programs so customers can appropriately train personnel to maintain PCI compliance over the long term.

IBM has also added specific PCI compliance capabilities to its IT Governance and Risk Management portfolio.

(1) -- Gartner, Inc., "PCI Questions Are Often Clearer Than Their Answers," by Avivah Litan and John Pescatore, August 7, 2007

www.ibm.com
COPYRIGHT 2007 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2007, Gale Group. All rights reserved.

Article Details
Title Annotation:SECURITY VIEWPOINT
Publication:Software World
Date:Nov 1, 2007
Words:597