SOURCE: nuBridges, Inc.

June 04, 2007 11:05 ET

nuBridges Helps Retailers Become PCI-Compliant

Simple Data Encryption Falls Short in Audits

ATLANTA, GA--(Marketwire - June 4, 2007) - In the continuing effort to protect credit card information from landing in the wrong hands, retailers who are looking for ways to securely store and transmit customer information are finding that simple data encryption falls short of providing the protection needed to comply with the Payment Card Industry Data Security Standard (PCI DSS).

"It's not uncommon for retailers to fail an audit, even when they have encryption solutions in place," said Gary Palgon, nuBridges vice president of Product Management. "What they discover in the process is that simply encrypting data does not ensure that the data is forever protected nor guarantee them to pass routine audits."

A recent change in PCI DSS version 1.1 states that companies must rotate keys annually. Many retailers use in-house or third-party encryption solutions that do not provide the flexibility to comply with the mandate. A number of those retailers sought out nuBridges to gain this capability.

Other retailers are finding that they are out of compliance because they do not have the capability to easily establish a buffer zone -- or DMZ -- from which to send documents. Under the new standard, it is illegal to transmit documents and information to business partners from a computer containing credit card data inside the corporate firewall. This is meant to protect personal customer information that may reside on company desktops and servers from theft.

"Many companies are currently failing audits simply because they have not established a buffer zone from which to transmit documents outside the organization," said Palgon. "nuBridges enables companies to become compliant with this mandate by securely transmitting customer information within the company and externally."

"Keeping up with the changing standard and complying with it can be difficult for retailers," said Palgon. "At nuBridges we make it our responsibility to inform our customers of changes in the PCI DDS well in advance of their next audit. As a participating organization on the PCI Data Security Council, we take an active role in reviewing and recommending changes to the PCI DSS. This involvement enables us to help our customers pass their annual security audits and maintain PCI compliance throughout the year."

While it is standard practice for security solutions to protect data at rest, only nuBridges also protects data in motion -- data that is being transmitted between, for example, a point-of-sale system to the store network server and back to corporate headquarters.

"Retailers perform a gap analysis across their information supply chain to identify where customer data resides throughout the process and assess if it is adequately protected," said Palgon. "While retailers understand their responsibility in protecting customer data while it resides on a server, few realize how important it is to also protect that information during transmission within the enterprise or with trading partners."

nuBridges PCI Secure integrates with numerous point of sale, loss prevention & fraud detection, enterprising logging, merchandizing, customer relationship management and loyalty information systems to protect data at rest and in motion.

"nuBridges has proved to be more than just a software company. They have been a valuable partner in developing a secure eBusiness strategy for our company," said Bernie Rominski, IT Security Officer, Regis Corporation. "Their knowledge of PCI compliance practices combined with the company's comprehensive technical solutions has allowed us to quickly establish a framework that will protect our customers and meet our compliance objectives."

About nuBridges PCI Secure

nuBridges PCI Secure provides the practical answer to payment card industry (PCI) data security compliance, protecting retailers from operational disruption and the risk of penalties through a combination of technologies that encrypt, transport and store credit card information securely.

About nuBridges, LLC

Atlanta-based nuBridges, Inc. is the secure eBusiness authority. Thousands of companies worldwide use nuBridges software and services to connect electronically with business partners, protect information in transit and at rest, and comply with legislative and industry mandates for data security. nuBridges technology drives B2B transactions worth $884 billion every year. For more information on nuBridges, visit www.nubridges.com.

Contact Information

  • For more information:
    Marcy Theobald
    Carabiner Communications
    678-860-3639
    Email Contact