FFIEC News

BIG Software Helps Merchant Customers Move Toward PCI DSS Compliance

(Nov 22, 2007)--IP Commerce, a software company enabling open commerce services between businesses, and BIG Software, Inc., a software company that provides back-office solutions to small businesses, announced BIG’s completion of the PABP Rapid Compliance program. This program, led jointly by IP Commerce and Coalfire Systems, provides software developers with an efficient and more cost-effective way to gain Payment Application Best Practices (PABP) validation. PABP is a set of Visa recommendations that help software companies create and maintainsecure payment applications.

A PABP-verified application ensures their merchants and agents do not use Payment applications known to retain sensitive customer information such as the full contents of any magnetic strip and PIN data.
By using the PABP Rapid Compliance Program, BIG Software was able to PABP-verify their payment
application Rapid Receipts for Microsoft Office Accounting. “The PABP Rapid Compliance Program offers
the easiest and quickest path available in the market to get a payment application PABP verified by Visa,”
said Ernest Cook, President, BIG Software, Inc. “Receiving PABP validation will accelerate our ability to
add commerce capabilities to our applications and make compliance headache-free for our customers. It
also gives us a powerful market differentiator that will help mitigate risk for our merchant customers, and
for ourselves.”

Vulnerable payment applications have proved to be the leading cause of compromised incidents, particularly among small merchants. In an effort to combat identity theft, Visa developed PABP and will begin implementing a series of mandates starting January 1, 2008, to eliminate the use of non-secure payment applications from the Visa payment system. These mandates were recently adopted by the PCI Security Standards Council, the global forum for card data security, into their Payment Applications Data Security Standards (PA-DSS). PA-DSS regulations are expected to be detailed in early 2008.

The PABP Rapid Compliance Program was designed specifically for payment industry software companies to validate their application against Visa’s PABP standard. Participation in the Rapid Compliance Program significantly expedites the process to obtain PABP validation from Visa. Instead of taking six months to a year to initiate, software vendors that take part in the PABP Rapid Compliance Program can now receive the PABP validation within months.

The PABP Rapid Compliance Program utilizes IP Commerce's Commerce Toolkit for Applications, which
includes best practice implementations of PABP recommendations, enabling software developers to
focus on creating user experiences and business logic. Because Coalfire auditors are already intimately
familiar with the PABP components built in to Commerce Toolkit for Applications, the verification process
conducted by Coalfire auditors requires less time and resources.

“This program addresses the long-standing obstacles faced by software developers and makes the
process of gaining compliance more understandable, more affordable and more manageable,” said Chip
Kahn, CEO of IP Commerce. “It is our hope that other software developers will follow BIG Software’s lead
in obtaining PABP validation through this accelerated process to further ensure the security of payment
transactions."

By taking a proactive approach to end-user security and receiving PABP validation for their software now,
software developers eliminate the need to rewrite code for their commerce-enabled applications down the
road once PABP compliance is mandated for all merchants and service providers that store, process or
transmit cardholder data.

“We’re seeing that merchants actively involved in a compliance program will not select an application that
is not PABP validated,” said Jim Fish, Vice President, Coalfire Systems. “By implementing this program,
we are helping software developers such as BIG Software get ahead of the curve in managing customer
cardholder data according to Visa’s standards to mitigate risk for their companies, as well as their
merchant customers.”

The Coalfire Systems, Inc. team members are specialists in IT audit, information security and regulatory
compliance. Coalfire's expertise includes risk management programs for compliance to the Gramm-
Leach-Bliley Act, Sarbanes Oxley, HIPAA, VISA CISP (PCI) and other security-related regulations and
industry initiatives.

Share or bookmarklet this web page at: