New PCI Compliance Solution From New Boundary Technologies Eases Compliance Complexity, Eliminates Internal and External Threats

By | September 11, 2006

With only a small minority of merchants currently compliant with the Payment Card Industry (PCI) Data Security Standard, New Boundary Technologies®, an award-winning provider of automated configuration and security management solutions, today announced availability of its automated PCI Compliance Solution. Powered by the company’s Policy Commander™ security policy management product, the PCI Compliance Solution is designed to help customers comply with the exacting standards set forth by Visa and MasterCard in the PCI Data Security Standard.

According to Visa, only 22 percent of large merchants have complied with the PCI Data Security Standard a full year after the June 2005 deadline. Visa defines large merchants (Level 1) as those conducting six million or more transactions per year. Merchants point to the complexity and lack of guidance in the PCI Standard, which has 12 rules and 200 detailed requirements to meet, as a major roadblock to compliance. Cost is another important compliance barrier. Gartner estimates that a company with at least 100,000 accounts can spend as much as $16 per customer account to implement PCI. However, failure to comply with PCI can prove even more expensive. According to the PCI Standard, noncompliant merchants and payment processors can be fined up to $500,000 per incident if cardholder data is compromised. And card associations can revoke companies’ credit card processing privileges for failure to comply.

The New Boundary Technologies PCI Compliance Solution cuts through the complexity of the PCI Data Security Standard, making it easy to securely configure computers and protect electronic information to achieve compliance. It continuously secures cardholder information against both external and internal threats. By automatically monitoring and enforcing computer security policies, the solution protects workstations and servers against malicious activity intended to compromise confidential information while reducing compliance costs. The solution is comprised of three components:

* PCI Security Guide – To help security officers and IT professionals implement PCI security measures, the company has created the New Boundary Technologies PCI Security Guide. This guide breaks down the various PCI security provisions and provides guidance on specific steps organizations can take to become compliant.

* PCI Security Policy Library – New Boundary Technologies’ PCI Security Policy Library contains proven computer security policies that address specific cardholder information security concerns. Available immediately, the PCI Security Policy Library helps organizations meet regulatory requirements by continually safeguarding cardholder information and the computers that have access to it.

* Policy Commander™ – The PCI Compliance Solution is powered by Policy Commander, the company’s automated security policy management and enforcement product. Policy Commander dramatically improves the security state of computers by eliminating inherent configuration vulnerabilities through automation that assigns security policies to the right computers, and remediates computers when they fail to comply with assigned policies.

New Boundary Technologies’ PCI Compliance solution is the third compliance solution the company has developed to simplify adherence to the security requirements of regulatory mandates. The company launched its HIPAA Compliance Solution for healthcare organizations in February 2006, and its GLBA Compliance solution for financial services firms in June 2006.

“As threats to consumer data increase in volume and sophistication, the stakes of compliance are high for businesses, regardless of the industry,” said Kim Pearson, president and chief executive officer of New Boundary Technologies. “As with most standards, merchants have been slow to comply with PCI, mainly due to the complexities innate in compliance. However, fines in the millions and damage to corporate reputations are driving the demand for technologies like ours that offer automated, 24/7 compliance.”

Leave a Reply