FFIEC News
EDS Launches PCI Compliance Reporter
(Dec 11, 2007) -- eEye Digital Security, developer of unified client security and vulnerability management tools, announced that it will be providing a PCI Compliance Reporter, a series of report templates designed to ensure that organizations comply with some 12 Payment Card Industry Data Security Standard (PCI DSS) requirements for protection against credit card fraud and identity theft. Since 2005, credit card fraud in the UK and America has increased by 350% on average, according to Reuters, while the FBI estimated the cost of organized cybercrime at $400 billion in 2004.
Conforming to strict PCI DSS standards, the eEye PCI compliance reports will enable users to comply with PCI requirements, beginning with the identification, assessment and mitigation of existing risks, prevention of future risks, monitoring and analyzing events, incident response and generating reports on risk status.
"Being able to enforce and report local system policy from a centralized position is key," said Morey Haber, eEye VP of Product Management. "eEye solutions allow an organization to accurately portray its security posture and attest to its state of compliance. We can maintain a snapshot of system status, vulnerabilities, patches, and configuration detail in any size of environment, identifying compliance anomalies in a timely fashion and thereby helping organizations run secure business practices."
The eEye PCI Compliance Reporter supports the following PCI DSS mandates:
-- Install and maintain a firewall configuration to protect data;
-- Prevent the practice of using vendor-supplied defaults for system passwords and other security parameters;
-- Use and regularly update anti-virus software and signatures;
-- Assign a unique ID to each person with computer access;
-- Regularly test security systems and processes; and
-- Develop and maintain secure systems and applications.
These PCI compliance reports will initially be available for use with the REM Security Management Console and the REM 1505 Appliance, both of which offer a complete view and control of an organization's security posture: integrated vulnerability management (network and host) with centralized endpoint security management. The console manages Retina network vulnerability scans and Blink Professional endpoint security policies and incidents from a single interface.
PCI Compliance Reports by eEye will later be available in its Retina Network Security Scanner. Retina scans the network for known and unauthorized devices -- such as servers, desktops, laptops, routers/switches -- identifying missing patches, misconfigurations, policy exceptions, and other vulnerabilities.
The PCI DSS is the payment card industry's effort at self-regulation. It creates a unified security standard that reduces the risk of card fraud and governs the safekeeping of cardholder information throughout the transaction process. It applies to any and all merchants, service providers and acquirers that store, process or transmit cardholder data.
According to statistics posted on Visa's Web site, 44% of 327 so-called Level 1 merchants, those identified as submitting more than 6 million Visa transactions annually, were PCI compliant as of Aug. 31, up from 40% in July. Another 54% have submitted plans but need to make changes before getting final validation. Level 1 merchants account for half of Visa's transaction volume.
Visa also noted that nearly 2,500 Level 3 merchants, those that do business only on the Web and generate 20,000 to 1 million annual Visa transactions, have a validated PCI compliance rate of 54%. Twenty percent are in remediation and 24% have started the PCI assessment process, Visa reports.