Frequently Asked Questions about the PCI Security Vendor Alliance
Is the PCI Security Vendor Alliance affiliated with the PCI Security Standards Council™?
No. The PCI Security Vendor Alliance is an independent group of vendors who see tremendous value in the standards managed by the council, but the PCI SVA is not formally a member of the PCI Security Standards Council™. Individual vendors who are members of the SVA may be members of the council.
What is the mission of the PCI Security Vendor Alliance?
The mission of the Payment Card Industry (PCI) Security Vendor Alliance (SVA) is to assist the members of the payment card industry, including retailers, e-commerce companies, financial institutions, payment processors, POS vendors and any other organizations, by providing products and services that enable these organizations to achieve compliance with the PCI DSS. The PCI SVA will also complement the objectives of Visa, MasterCard, American Express, Discover and JCB by helping educate the payment card industry about the business value of achieving PCI DSS compliance.
Why are the PCI Data Security Standards so important?
The members of the PCI SVA have reviewed all of the various national, state and industry data security and privacy regulations, and we have concluded that the PCI DSS represent the absolute most comprehensive set of data security and privacy requirements available anywhere, and are a set of guidelines for protecting confidential data throughout the value chain of ANY industry. That is, even though the PCI DSS are aimed at a single industry, and focus specifically on credit card data, we believe these same standards are applicable to the protection of all classes of sensitive or confidential data, in all industries where such data is collected, communicated, processed or retained. One of the objectives of the PCI SVA is to help our customers adapt and extend the PCI DSS to embrace other data elements.
Why was the PCI Security Vendor Alliance formed?
Merchants, financial institutions, card processors and other organizations that must comply with the PCI Data Security Standards must implement a wide variety of security products and services in order to achieve compliance. As vendors of security products and services that help enterprises achieve PCI DSS compliance, the members of the PCI Security Vendor Alliance seek to build awareness of just what is required to deliver a comprehensive PCI DSS solution. Collectively, the members of the PCI SVA offer merchants, financial institutions and card processors a wide range of alternative products to help them achieve PCI DSS compliance. As the Alliance grows, its membership will provide multiple options to help organizations achieve compliance with all the PCI DSS requirements.
Who are the founders of the PCI Security Vendor Alliance?
Founders of the PCI Security Vendor Alliance include Protegrity USA, ConfigureSoft, Safe-Net, and Cyber-Ark. Each of these vendors offers products and/or services that deliver compliance with one or more of the 12 PCI Data Security Standards. The founders are seeking additional members that will provide all the data protection functionality required by PCI DSS.
How will the founding members expand membership in the PCI SVA?
The goal of the PCI SVA is to provide members of the payment card industry with a range of different products and services to meet their PCI DSS compliance requirements. In order to do that, the PCI SVA encourages other vendors that offer complementary products and services to join the PCI SVA. Those vendors of products and services that fulfill PCI DSS requirements are encouraged to complete the application form. Vendors who seek to provide a comprehensive, flexible, PCI DSS solution are encouraged to join the PCI SVA.
What is the cost to become a member of the PCI Security Vendor Alliance?
The goal of the members of the PCI SVA is to assemble enough vendors from all of the security and privacy sectors to be able to deliver a comprehensive, yet flexible, set of PCI DSS offerings that address all 12 of the PCI DSS requirements. There are several levels of membership available. See our membership page for details on the annual membership fees and the benefits of membership at each level.
Does the PCI Security Vendor Alliance publish the PCI Data Security Standard?
No. The PCI Data Security Standard is published by the PCI Security Standards Council™. More information on the standards themselves is available on the PCI Security Standards Council™ website, www.pcistandardscouncil.org.
Where is the PCI Security Vendor Alliance located?
The PCI Security Vendor Alliance office is located at 48377 Fremont Blvd., Suite 117, Fremont, CA 94538.
Where should media inquiries or interview requests regarding the PCI SVA be directed?
For media inquiries or to request an interview, please contact Florencia Dazzi, PCI SVA Executive Director at: Phone: (510) 492-4027; Fax: (510) 492-4001; Email: info@pcialliance.org
Will the PCI Security Vendor Alliance provide information on security breaches and other regulatory compliance developments?
The members of the PCI Security Vendor Alliance follow changes in regulatory compliance very closely. When developments affect the mission of the PCI SVA, they will be posted on the PCI SVA website. However, the PCI SVA does not specifically maintain a "compliance news" blog or other compliance news website.
Will the PCI Security Vendor Alliance enforce compliance?
No, the PCI Security Vendor Alliance helps merchants and other PCI industry participants achieve compliance, but enforcement of compliance is the responsibility of the individual brands' compliance programs.
What is the Payment Card Industry (PCI) Data Security Standard (Data Security Standards)?
The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa's Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard's Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account data security process - including preventing, detecting and reacting to security incidents. More information can be obtained from the Web sites of the individual card brands.
Does the PCI SVA determine whether or not a merchant or processor is PCI Data Security Standards compliant?
No. The members of the PCI SVA deliver products and services to help an enterprise achieve compliance. The final determination of compliance is made by the individual credit card brands. The card companies may (or may not) accept the recommendation of a certified assessor, for Level 1 merchants or processors. For Level 2, 3 and 4 merchants or processors, a self-assessment is submitted for review to the credit card company. The different card brands may follow different review procedures and have different criteria. The level of the merchant or processor is determined by their annual card processing transaction volume. For more information on compliance and the criteria for determining the levels, see the FAQ at www.pcisecuritystandards.org, or visit the Web sites of the individual card brands.
Where can I get details of the PCI Data Security Standards requirements?
The PCI DSS version 1.1 and all supporting documentation can be found at www.pcisecuritystandards.org.