HIPAA News

OpSource Demonstrates Compliance with Rigorous Payment Card Security Standards, Eases Compliance for On-Demand Companies

(Feb 21, 2008)-- “Whether it’s infrastructure, 24x7 end user support, billing, customer on-boarding or regulatory compliance, our customers know we’ll go the extra mile to help them succeed. Ensuring that our customers’ sensitive data is protected is of paramount importance to us. Trustwave provided us with a detailed report that any OpSource customer, and their end users, may review to see the strength of our security measures." said Ray Solnik, president and COO, OpSource on achieving Level 1 PCI DSS Compliance.

"In addition, customers that have applications subject to other regulatory requirements such as the Health Insurance Portability and Accountability Act and Sarbanes-Oxley can take advantage of our secure environment to address those other requirements. OpSource On-Demand is also SAS 70 Type II audited, certified by salesforce.com and WebEx, and complies with the European Safe Harbor Privacy Principles. We are fast becoming a one-stop shop for SaaS companies that want to go-to-market quickly.” added Solnik.

OpSource, the SaaS delivery experts, has announced Level One compliance with the Payment Card Industry Data Security Standard (PCI DSS). Trustwave, provider of information security and compliance management solutions to businesses and organizations throughout the world, performed the PCI DSS review.

PCI DSS is the payment card industry security standard for entities that process, transmit or store cardholder data, and has been endorsed by all the major card brands – Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB. The payment card brands require that on-demand applications that accept credit card information use PCI compliant service providers such as OpSource. Doing so assures the security of payment card information collected by companies who deliver their on-demand applications via the comprehensive, award-winning OpSource On-Demand™ Web application delivery platform.

Under the PCI DSS, payment service provider compliance requirements are segmented into different levels based on the number of transactions processed and/or transmitted annually. Through its Level One PCI DSS compliance validation, OpSource can support any on-line application, regardless of the volume of credit card information stored, processed, or transmitted. This level of compliance validation is required of any service provider supporting customers storing, processing, or transmitting an aggregate of greater than one million transactions or accounts per year.

In order to successfully comply with the Level One PCI DSS, merchants and service providers must demonstrate compliance with 12 requirements in categories such as building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program and maintaining an information security policy. As a Level One service provider, OpSource demonstrated its compliance by successfully undergoing a stringent, annual, on-site PCI data security review covering over 250 compliance points.

“OpSource’s Level One PCI DSS compliance was a critical factor in our choice of OpSource to deliver our application,” said Brian Kelly, CEO, Quaris. “Quaris wants to provide the most secure, on-demand analytics solution possible and thanks to OpSource, the scope of requirements that we needed to concern ourselves with in order to demonstrate compliance in our own PCI DSS assessment was greatly reduced. Many of the requirements were already covered under OpSource’s assessment, saving us a great deal of time, effort, and money. In addition, OpSource’s Level One compliance provides us, and in-turn our customers, with much greater security assurance than we would have experienced with a Level Three service provider that didn’t submit to an independent, on-site evaluation.” Quaris provides on-demand business intelligence solutions, which facilitates higher-value analytics at an absolute fraction of traditional business intelligence costs.

A consortium of major payment card companies developed the PCI DSS to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. The payment card companies require acquiring banks to ensure that any company that processes, stores or transmits payment card data demonstrates PCI DSS compliance or risk losing its authorization to process credit card payments.

Share or bookmarklet this web page at: