VPI Joins Payment Card Industry Security Vendor Alliance (PCI SVA)

Camarillo, California - April 9, 2008
VPI (Voice Print International, Inc., http://www.VPI-corp.com), a leading innovator and provider of integrated interactions recording and contact center workforce optimization (WFO) solutions, today announced that it has joined the Payment Card Industry Security Vendor Alliance (PCI SVA). The PCI SVA works with the retail and payment card industries to develop efficient and cost-effective ways to achieve compliance with the PCI Data Security Standards (PCI DSS), a global benchmark intended to improve security throughout the entire payment card transaction process.
To read the full story Click Here

New Research Program Invaluable to Merchants Meeting PCI Compliance

PCI Knowledge Base Marshals Industry Muscle to Impart PCI Best Practices

Fremont, California - April 8, 2008

The Payment Card Industry Security Vendor Alliance (PCI SVA) today announced the launch of the PCI Knowledge Base, a research program designed to help merchants, assessors, banks, processors and vendors anonymously share PCI knowledge and experience.

According to Visa, the percentage of large merchants that met PCI Data Security Standard (PCI DSS) compliance more than doubled over the last eight months. This spike in compliant companies prompted the PCI SVA, a member organization that offers institutions and card processors products and services to achieve PCI DSS compliance, to create the PCI Knowledge Base.

“PCI compliance is a complex and often daunting issue,” said David Taylor, Director of Research of the PCI Alliance. “We wanted to find out how so many companies became compliant so quickly and share that information with other merchants affected by PCI DSS.”

The PCI Knowledge Base contains over 1,200 best practices, lessons-learned, vendor experiences, PCI assessor experiences, and industry trends, based on more than 75 hours of interviews with merchants, banks, card processors and security vendors. It delivers advice from a panel of experts, consisting of more than 30 PCI assessors, chief technology officers, chief information and security officers, and security consultants.

The Knowledge Base’s Panel of Experts includes luminaries from many of the leading companies in the PCI sector—including Citigroup, U.S. Bank, AT&T, Convergys, Accenture, Ernst & Young, Tripwire, IBM, ArcSight, Citrix, Ipswitch, AirTight Networks, ArcSight, Configuresoft, Centrify and SafeNet, Inc.—as part of their efforts to help companies secure their confidential data and manage their compliance with security standards and laws.

Some key findings in the PCI Knowledge Base include:
• More than 65 percent of merchants and more than 80 percent of assessors says that PCI compliance choices are driven by the PCI checklist, and not by a risk management analysis, since a perfect score is required to be PCI compliant.
• PCI has caused a major shift in the security priorities of more than 60 percent of companies, to implement data at rest encryption and network segmentation, but away from security management tools, such as security information management.
• More than 40 percent of security managers report that PCI is an excellent standard, because it mandates specific IT controls and helps them justify needed security purchases.
• More than 70 percent of security managers have had substantial additional burdens placed on them by PCI, primarily the requirement to regularly review log files and access controls. In most cases this must be done manually, because there is no requirement or budget to automate the review process.
• More than 75 percent of merchants are focused on achieving “Paper Compliance” – or just getting a “Green ROC” in order to avoid fines, with a minority focused on ongoing or “Operational Compliance.”
• Only about 10 percent of merchants are managing PCI compliance as part of an enterprise compliance plan, but nearly 30 percent of merchants are planning to apply the PCI standards to protect other confidential data, such as SSNs.

For more information on the on the PCI Knowledge Base, visit www.knowpci.com.

The PCI SVA will host a cocktail hour at the RSA Conference in San Francisco on Tuesday, April 8 from 4 – 6 p.m. at SafeNet’s booth (1039). Join us to hear some of the highlights of the knowledge to be found in the PCI Knowledge Base, meet PCI SVA officers, learn about the latest initiatives of the Alliance, and network with other key players in the industry.

About PCI SVA
PCI SVA (http://www.pcialliance.org) assists members of the payment card industry, composed of merchants, banks and point-of-sale vendors, in educating the business community on the requirements and business value of the Payment Card Industry (PCI) Data Security Standard (PCI DSS), a global benchmark intended to improve security throughout the entire payment card transaction process.

For further information, contact:

Current Industry News

April 4, 2008 - Hannaford Data Breach May be 'Tip of the Iceberg'

January 17, 2008 - How Chevron met the PCI DSS deadline

PCI SVA Press Release Archives

March 10, 2008 - The PCI Security Vendor Alliance Welcomes Six New Members and Provides Compliance Education to Merchants (36.0 kb)

October 24, 2007 - PCI Security Vendor Alliance Welcoms Eleven New Members: Industry Organization Aims to Ease Compliance with PCI Data Security Standards (16.0 kb)

September 11, 2007 - PCI Security Vendor Alliance (PCI SVA) Simplifies PCI DSS Compliance Process:Release of Free Solutions Referral Tool for Busines Community (13.4 kb)

July 30, 2007 - PCI SVA Announces Election Results (12.4 KB pdf)

July 11, 2007 - What To Do After You Miss The PCI DSS Deadline (21.7 kb. pdf)

June 27, 2007 - What's Wrong With Retail Security? Majority of Merchants Unable to Meet PCI DSS Deadline on June 30 (14 Kb.pdf)

June 20, 2007 - The PCI Security Vendor Alliance Welcomes 11 New Members (24 Kb .pdf)

March 13, 2007 - Twenty-four Data Security Firms Join The PCI Security Vendor Alliance (20 Kb .pdf)