Tech Shout!

Symantec Corp. has announced Symantec PCI Services, a programmatic approach letting groups to meet the Payment Card Industry (PCI) Data Security Standard, dropping overall risk associated with payment card processing and ensuring a more flexible infrastructure.

Symantec said that these services help organisations recognise and manage data security risks for merchants and service providers that manage credit cardholder data.

The PCI Data Security Standard, endorsed by Visa, MasterCard International, and other card brands, requires merchants and service providers that store, process or transmit customer credit card data to adopt strict security controls and processes to ensure data reliability. Regular compliance reports by a certified third-party assessor are required to achieve compliance for merchants and service providers that handle a large number of transactions. Merchants and service providers that do not comply with the payment brand security requirements are subject to penalties or fines.

Symantec has met the standards set by Visa USA as a Qualified Data Security Company (QDSC) and assessments are performed by Symantec security consultants that have been authorised by Visa as Qualified Data Security Professionals (QDSP). Symantec’s vulnerability scanning methodology has also been approved by MasterCard International.

Symantec PCI Services include the following four critical offerings for merchants, service providers, and payment application vendors to help meet the PCI Security Standard:

- Symantec PCI Security Audit Service: Offers an annual onsite security audit to legalise the security posture of systems, processes, and procedures where cardholder data is retained, stored and transmitted, as outlined in the PCI Data Security Standard.

- Symantec PCI Security Scanning Service: Enables organizations to meet PCI data security requirements by identifying and addressing high-risk vulnerabilities that could threaten the confidentiality or availability of cardholder data.

- Symantec PCI Payment Application Best Practices Assessment: Provides payment application vendors with an independent third-party security assessment of their payment system against Visa USA’s CISP Payment Application Best Practices.

- Symantec PCI Compliance Readiness Review: Helps organisations prepare for PCI compliance activity by providing expert advice and a gap analysis of existing client practices and by identifying potential deficiencies that could result in non-compliance with PCI standards.

Mark Perry, vice president, professional services, Americas, Symantec said, “In the wake of a growing amount of litigation and regulatory activity related to security breaches and data loss, the PCI Data Security Standard is driving organizations to more seriously evaluate and strengthen their own security infrastructures.” Perry continued, “Symantec helps customers limit their overall risk by protecting the integrity of their data and millions of consumers can continue to conduct payment card transactions with the confidence that their information is protected.”

At the end of each Symantec PCI Compliance engagement, Symantec will deliver a written report according to PCI guidelines and help the client understand their security position. The company also offers consultants to help an organization develop and implement remediation plans for non-compliance issues. Symantec Security Consulting Services provide organizations with best-practice security measures through comprehensive assessments, planning, and design consultations.

Symantec PCI Services are currently available in the United States.