SOURCE: Solidcore

December 10, 2007 08:00 ET

Solidcore Reveals Five Easy Tips for Meeting Looming PCI Deadline

Change Control Expert Advises Level 2 Merchants on How to Ease Meeting the December 31 Deadline

CUPERTINO, CA--(Marketwire - December 10, 2007) - While most retailers are focused on meeting the needs of their shoppers this holiday season, they must also focus on meeting the requirements of the Payment Card Industry Data Security Standard (PCI DSS). As the year-end approaches, Level 2 merchants (defined by Visa as those that process between one and six million transactions annually) are scrambling to meet the compliance deadline. To demonstrate PCI compliance, Level 2 merchants must file an annual self-assessment questionnaire and have an approved vendor conduct quarterly network scans. If retailers cannot prove compliance by December 31, they face monthly fines and can lose the privilege of accepting credit cards. In addition, if a Level 2 retailer fails their first PCI assessment, they face stricter guidelines and must meet Level 1 standards moving forward. Solidcore® Systems, Inc., a leading provider of real-time change control software, today announced five easy tips to help Level 2 merchants quickly achieve and sustain PCI compliance.

TIP 1: Delegate and Designate. Assign a specific person to research and lead the charge to ensure your organization is addressing the PCI compliance requirements. This person will serve as the central point of contact for assessors, vendors and internal personnel responsible for enabling processes and technology.

TIP 2: Do the Documentation. Conduct an internal audit of your existing physical and information technology (IT) security infrastructure, documenting the security solutions currently deployed throughout the IT environment. This documentation will save your organization time and money and serves as a helpful tool before you begin working with an approved Qualified Security Assessor (QSA) to verify compliance.

TIP 3: Rely on the Reliable. Use an approved QSA that has experience with companies of similar size. This will ensure the assessment is done as quickly and efficiently as possible. Also, when looking to deploy new technologies, it is valuable to leverage solutions that are part of the PCI Security Vendor Alliance (www.pcialliance.org).

TIP 4: Implement the Important. Prioritize the deployment of solutions that will ensure your organization is meeting the more complex requirements first. For example, requirements 10 (track and monitor all access to network resources and cardholder data) and 11 (regularly test security systems and processes) are the least-satisfied requirements according to independent research. These requirements specify the use of a file integrity monitoring solution. Be sure to use a real-time change and configuration audit solution that can automatically document "who" is making change, "what" is being changed, "when" a change was made, and "how" a change was made on the infrastructure. This helps validate a merchant's security posture quickly and easily.

TIP 5: Look Beyond PCI. Since you are already doing the work, ensure that the new programs and solutions implemented are also helping improve overall business efficiency. While PCI compliance may be the driving factor, it should not be the only factor when evaluating new solutions. For instance, look for a solution that is preventative as well as detective to help sustain continuous compliance after systems and configurations have been established and secured.

"The payment card industry is driving both merchants and service providers to assess their overall needs for control," said Bob Vieraitis, vice president of marketing at Solidcore. "Organizations that focus on implementing best practices for ensuring integrity of systems and protecting customer data will reap benefits long after the PCI deadlines have come and gone. Those that haven't done the due diligence and have a data breach will be completely exposed and risk far more than fines."

Solidcore, in conjunction with Emagined Security and Fortrex, compiled a comprehensive report that provides a detailed overview of the cost of compliance and highlights the fiscal importance of meeting regulations. Please email solidcore@schwartz-pr.com for more information or visit www.solidcore.com to register for the full report.

About Solidcore Systems

Solidcore is a leading provider of real-time change and configuration control software. Organizations worldwide trust Solidcore to assure compliance with the Payment Card Industry (PCI) and Sarbanes-Oxley (SOX) standards, to improve service availability, and achieve faster returns on ITIL and IT service management initiatives. Solidcore's S3 Control software helps organizations by tracking changes to their critical infrastructure in real-time, determining if the changes are authorized and blocking unauthorized change. Solidcore is headquartered in Cupertino, California. For more information, visit www.solidcore.com.

Solidcore is a registered trademark of Solidcore Systems, Inc. in the United States and other countries. All other product names, trademarks, and service marks mentioned herein are the property of their respective owners.

Contact Information

  • Press Contact:
    Tony Thompson
    Solidcore Systems
    +1-408-387-8444
    Email Contact