The Green Sheet Online Edition
November 12, 2007 • Issue 07:11:01
Web-based tools to help merchants tackle PCI compliance
To educate merchants on the Payment Card Industry (PCI) Data Security Standard (DSS) and enhance their ability to safeguard consumer data, MasterCard Worldwide and RBS Lynk, in partnership with Trustwave, have rolled out Web-based tools tailored to merchants' needs.
MasterCard's offering is called the PCI Merchant Education Program. The program consists of eight interactive online sessions focused on different aspects of the PCI compliance requirements originally developed by the card Associations, including MasterCard and Visa Inc.
The education program can be adapted to meet the needs of acquirers and the merchants they service. It offers on-site, in-person training for acquiring bank professionals. For merchants, MasterCard has unveiled its On-Demand Webinar Series (WS), prerecorded Web presentations that can be viewed as merchants' time constraints dictate.
Topics of the WS include a detailed look at the PCI DSS, the steps a merchant must take to gain compliance, how to prepare a merchant for a PCI audit and how a merchant can reduce the risk of data breaches.
Joshua Peirez, Chief Payment System Integrity Officer for MasterCard, said, "This new program is the latest component in our collaborative efforts to help protect our customers from data theft and fraud and help facilitate the global implementation of consistent data security measures."
Online risk assessment
Using PCI DSS as a framework, the Risk Profiler and Trustkeeper utilities, developed jointly by leading payment processor RBS Lynk and global information security provider Trustwave, are specialized programs that help merchants identify and mitigate risks in their card transaction systems.
The Risk Profiler gives merchants access to online and on-site data security tools, such as the Risk Profiler Web-based risk analysis program and Trustkeeper, another online service geared toward helping merchants reach PCI compliance.
The Risk Profiler application guides merchants toward completion of the self-assessment questionnaire (SAQ) and a network vulnerability scan. Trustkeeper is software downloadable to a merchant's POS system. It tracks whether or not card data is appropriately stored and safeguarded on the system. Both the Risk Profiler and Trustkeeper are designed specifically to help level three and level four merchants as defined by the card Associations. Level three merchants process 20,000 to 1 million card transactions per year; level four merchants are those businesses that process fewer than 20,000 card transactions per year.
Robert J. McCullen, Chairman and Chief Executive Officer of Trustwave, said, "We can assist level three and four merchant populations through the compliance cycle with easy-to-access technologies to ensure consumer identities and payment information remain secure."
"This program will help merchants meet the requirements of PCI DSS and ensure the protection of consumer card data," LeAnn Brown, Assistant Vice President and Risk Manager of PCI compliance at RBS Lynk, said. "We are working with Trustwave to simplify the process for merchants to establish and maintain their compliance with these important security mandates."
PCI DSS is a series of 12 requirements to which every merchant accepting electronic payments must adhere. These include building and maintaining a secure network, protecting cardholder data, and regularly monitoring and testing network security.
The main goal of PCI DSS is to protect consumer card information from slipping into the hands of fraudsters and data thieves.