Fraud update







    As fraud continues to be top of mind for ISOs, merchants, financial institutions and others involved in the payment industry, several companies are unveiling new products and services designed to enhance security.
    Ingrian Networks and Ambiron recently partnered to market and deliver their solutions for improving the security of payment data and ensuring compliance with credit card association security guidelines.
    Ambiron will work with Ingrian’s DataSecure Platform, an encryption solution, as part of its compliance offerings for the Payment Card Industry (PCI) data security standards program. PCI data security standards are a result of collaboration among the card associations to provide a unified approach to safeguarding sensitive cardholder data.
    Ambiron has also partnered with Mercantec to develop and test PCI SecureSite, an integrated e-commerce compliance solution that secures merchant transactions from the web hosting provider to the shopping cart to the payment gateway. Ambiron and Mercantec have submitted a formal report to Visa USA for validation of the solution as the industry's first official “end-to-end” compliance solution.
    For acquiring banks and ISOs who underwrite and manage thousands of merchants, the integrated solution is designed to ensure that merchants and service providers are operating in a manner consistent with the industry data security standards.
    For PCI Level 3 and Level 4 merchants who adopt the integrated solution for the transaction process, their compliance with card association data security standards would be automatically validated. As a result, the risk of unauthorized access to cardholder data they process, store and/or transmit would be reduced, along with the risk that they will be fined for non-compliance with industry data security standards.
    PCI SecureSite includes shared web hosting, storefront software application/shopping cart, payment gateway and qualified security assessor and scanning.



    Authorize.Net Corporation recently completed a successful Multi-Card Compliance Program (MCCP) certification audit conducted by Ambiron.
    To complete the MCCP audit successfully, Authorize.Net was subjected to internal and external vulnerability scans designed to verify card association compliance programs sponsored by Visa, MasterCard and Discover Card. As a result of its certification, Authorize.Net has re-validated its compliance with the Visa USA Cardholder Information Security Program (CISP) and validated its compliance with major card issuer security programs.
    Each of the programs was established to create rigorous technology and data maintenance standards designed to protect sensitive cardholder information from being compromised. These standards are directed at all businesses that store, process, or transmit cardholder information.



    In mid-March, MasterCard International launched the Payment Data Protection (PDP) program, a new initiative to help merchants and their business partners safeguard card transaction data and prevent fraud. The first-of-its-kind program will focus on how to best store, secure and share transaction data.
    “The PDP program is designed to share best practices for handling and protecting private transaction data and maintain the integrity of the payments system,” said Gerritt Kerkstra, Senior Vice President, Acquirer Relations, MasterCard International. “This program is one way we can help our business partners minimize risk and prevent the damage that fraud causes the entire industry.”
    The PDP program has several elements that describe how merchants should store transaction data, keep it secure, and share information with vendors and other partners involved in processing payment transactions. The program also will delve into customer relationship management (CRM) considerations and clarify the guidelines that are already in place to safeguard account information. The campaign is designed to bring those involved in payment card transactions together to fight fraud. This initiative will include education materials, best practices and other information to promote industry collaboration.
    The following are security measures that all merchants should be aware of:

  • Install and maintain a firewall to protect data.
  • Avoid vendor-supplied defaults for system passwords.
  • Protect stored cardholder data.
  • Never store magnetic stripe or CVC 2 (cardholder verification code 2) data.
  • Encrypt cardholder data when transferred over networks.
  • Utilize anti-virus software or programs.
  • Develop and maintain secure systems and applications.
  • Restrict access to data.
  • Assign a unique username and password to each person with computer access.
  • Restrict physical access to cardholder data.
  • Regularly test and monitor security systems and processes.