SOURCE: SecurityMetrics

December 05, 2007 15:00 ET

Latest E-Commerce Data Indicates Record Risk to Consumers This Online Shopping Season

SecurityMetrics Simplifies PCI Compliance in Time for December 31 Deadline

OREM, UT--(Marketwire - December 5, 2007) - SecurityMetrics, the company giving merchants a simple way to prove continuous PCI Compliance, today introduced a new program to get online retailers compliant with new data security practices in time for a record 2007 online holiday shopping season. Addressing the need for secure e-commerce, SecurityMetrics is offering merchants a quick start Site Certification program priced from $139.99 US for a single IP address for the first year to meet the upcoming December 31, 2007 Payment Card Industry Data Security Standard (PCI DSS) deadline and reduce overall risks associated with payment card processing. Combining the most comprehensive technology and services tailored to PCI DSS compliance, the SecurityMetrics Site Certification program helps service providers and merchants of all levels identify and manage data risks -- and prove it.

"In the wake of litigation and increased regulations related to security breaches, PCI DSS requires organizations to more seriously evaluate and strengthen their infrastructures. With effective PCI policies in place, retail IT can build, modify and adapt to these ever-changing regulations and secure internal processes more quickly and easily than ever before," said Wenlock Free, SecurityMetrics' Vice President of Business Development. "Our approach limits merchant risk by protecting the integrity of consumer data, ensuring that information is protected and being able to prove it to anyone, at any time."

Over the past few years it has become increasingly clear that online shopping is the top choice for busy consumers. The Monday following the US Thanksgiving holiday weekend has replaced "Black Friday" as the highest volume e-commerce shopping day of the year and this week Comscore reported that over $13.4 billion has already been spent online for the 2007 season-to-date, marking an 18% gain versus the same time frame last year. With a record number of consumers going online to complete their holiday shopping, the risk to data is also growing exponentially.

PCI DSS, endorsed by Visa, MasterCard International, American Express, Discover and others, requires merchants and service providers that store, process or transmit customer credit card data to adopt aggressive security controls and processes to ensure data integrity. Regular compliance reports by a certified third-party assessor are required to validate compliance for organizations that handle a large number of transactions. Other requirements are imposed based on merchant level, and failure to comply is subject to stiff penalties and fines.

Focusing on simplifying the process for PCI compliance, SecurityMetrics educates each and every merchant to help them understand their PCI DSS obligations and provides a path to compliance based on standards set forth by the Payment Card Industry Security Standards Council as an Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA). Assessments, performed by SecurityMetrics' authorized security consultants, are combined with SecurityMetrics' comprehensive PCI technology solution, encompassing the following critical areas for merchants, service providers, and payment applications:

-- SecurityMetrics PCI Security Scanning Service:

   Enables organizations to comply with PCI DSS by identifying and
   addressing high-risk vulnerabilities that threaten confidentiality or
   the availability of cardholder data. Scanning services are implemented
   in just hours and scans are performed according to PCI DSS rules based
   on merchant level. SecurityMetrics' technology performs unlimited
   merchant scans to attain and assure data integrity, giving merchants the
   opportunity to make adjustments and comply continuously, not just in
   response to an audit.

-- SecurityMetrics Penetration Testing:

   Extensive manual security testing of systems for PCI DSS compliance and
   data security by SecurityMetrics' pen testing experts.

-- SecurityMetrics PCI Compliance Gap Analysis and Consulting:

   Helps organizations prepare for PCI compliance audits. SecurityMetrics
   provides merchants with the means to ensure compliance with expert
   advice and analysis.

-- SecurityMetrics PCI DSS Audit Service:

   An annual onsite security audit to validate the security posture of all
   systems, processes, and procedures related to cardholder data -- how it
   is processed, stored and transmitted.

-- SecurityMetrics Payment Application Best Practices (PABP) Assessment:

   Provides payment application vendors with an independent third-party
   security assessment of payment systems against PCI DSS Application Best
   Practices' approaches.

-- SecurityMetrics Forensic Services:

   If systems are compromised by an attack, SecurityMetrics forensic
   examiners mobilize to determine the root cause of the system compromise
   and the extent of the breach. Examiners deliver a plan to get your
   organization into compliance quickly.

-- SecurityMetrics Appliance:

   A hardware device is installed onsite to perform scans on the internal
   network, providing either Intrusion Detection System (IDS) or Intrusion
   Prevention System (IPS) monitoring.

"As we see it, PCI is good business for merchants," continued Free. "Our goal is to keep merchants of all levels continuously compliant with PCI DSS as a benchmark for a good security practice. This approach means customers are completely protected no matter where the vulnerability occurs across the infrastructure and merchants have a fast and cost effective way to take advantage of the benefits good data security offers them, allowing them to focus on their core business."

Established in 2000, SecurityMetrics gives retailers a comprehensive approach to securing data through a combination of both manual and automated online security services and hardware devices to detect and resolve security issues. SecurityMetrics' advanced technology routinely tests merchants' Internet servers to prove compliance with PCI DSS simply, continuously, and at a reasonable cost.

SecurityMetrics' quick start Site Certification program is priced from $139.99 US for a single IP address for the first year. The regular list price of the service is $699 US, so customers who take advantage of this special offer by December 31, 2007 will realize a savings of over 80%. To qualify, contact a SecurityMetrics representative at 801.705.5656 in North America or 0207.993.8030 in Europe. For more information see

About SecurityMetrics

SecurityMetrics, Inc. is a leading provider of Payment Card Industry (PCI) Data Security Standard (DSS) security solutions. SecurityMetrics is certified to perform PCI Scans (ASV), PCI audits (QSA), Payment Application Best Practices audits (QPASP), MasterCard Point of Sale Terminal Security Program audits, penetration tests and forensic analysis. SecurityMetrics also offers a security appliance that includes vulnerability assessment, intrusion detection and intrusion prevention capabilities. SecurityMetrics is a privately held corporation headquartered in Orem, Utah. For more information contact SecurityMetrics at (801) 724-9600 or visit

SecurityMetrics is a registered trademark. Other names may be trademarks of their respective owners.
