SOURCE: SecurityMetrics

October 21, 2008 12:04 ET

SecurityMetrics Updates Managed PCI Compliance Service

Strengthens Security Effectiveness, Reduces Cost, Complexity and Compliance for PCI DSS 1.2

OREM, UT--(Marketwire - October 21, 2008) - SecurityMetrics, the leading provider of PCI DSS compliance technology and services, today announced the immediate availability of an updated version of SecurityMetrics' Certified PCI DSS (PCI Data Security Standard) Authorized Scanning Vendor (ASV) Service and Site Certification Service. The technology supports the updated Payment Card Industry Data Security Standard version 1.2, released earlier this month by the Payment Card Industry Security Standards Council (PCI SSC).

SecurityMetrics provides a suite of tools that help merchants attain compliance with PCI DSS. The company's software scanning technology is designed to meet the PCI DSS 1.2 requirements and is available as a Site Certification online service or as an appliance. SecurityMetrics Site Certification Service simplifies the process for answering the latest PCI Self-Assessment Questionnaire. Upon completion of the questionnaire, compliance results are automatically provided to the merchants' acquiring bank. SecurityMetrics' tools, combined with guidance from the SecurityMetrics' security support team simplify the processes to more cost-effectively administer a comprehensive PCI DSS-compliance program.

"Our latest release further strengthens compliance and incident response for merchant security programs," said Brad Caldwell, SecurityMetrics' CEO. "One of the trends we've seen is that as a compliance deadline arrives, merchants begin to look in earnest for ways to get compliant fast. Level 4 merchants had a compliance deadline on October 1st and we are now seeing 5 times the normal Level 4 merchant enrollment level. Our approach scales these environments by providing the technology and expertise to help achieve compliance, and prove it, very cost effectively and without huge internal resource requirements."

SecurityMetrics new Site Certification ASV scanning technology increases vulnerability assessment scanning capacity by more than 6 times while the time required to increase scanning capacity has been reduced by over 30 percent versus previous technology. Benchmark testing has demonstrated SecurityMetrics Webprobe SQL Injection Detection Engine finds more attack vectors and produces fewer false positives. The new release also includes an enhanced testing system that enables new development code to be tested more thoroughly prior to being deployed into production environments.

PCI services from SecurityMetrics provide a complete TCP scan of over 65,535 ports, default password testing for over 700 of the most common usernames & passwords and comprehensive Web site analysis to determine if a security problem exists. Remote vulnerability assessment scanning and the SecurityMetrics Webprobe SQL Injection Detection Engine are introduced in this release.

PCI DSS is the payment card industry security requirement for entities that store, process or transmit cardholder data, and has been endorsed by all the major card brands -- Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB. SecurityMetrics is a PCI Qualified Security Assessor Company, PCI Payment Application Qualified Security Assessor and a PCI Authorized Scan Vendor.


New SecurityMetrics Site Certification ASV scanning technology complies with the new PCI DSS 1.2 specification and is available immediately as a free upgrade to current SecurityMetrics Site Certification customers. New customers should call SecurityMetrics for a needs assessment and pricing. Call 801.705.5665 in North America or 0207.993.8030 in Europe.

For more information, see

About SecurityMetrics

SecurityMetrics, Inc. is a leading provider of Payment Card Industry (PCI) Data Security Standard (DSS) security solutions. SecurityMetrics is certified to perform PCI Scans (ASV), PCI audits (QSA), Payment Application Best Practices audits (QPASP), MasterCard Point of Sale Terminal Security Program audits, penetration tests and forensic analysis. SecurityMetrics also offers a security appliance that includes vulnerability assessment, intrusion detection and intrusion prevention capabilities. SecurityMetrics is a privately held corporation headquartered in Orem, Utah. For more information contact SecurityMetrics at (801) 724-9600 or visit

Contact Information