Accuvant PCI DSS Merchant Suite Now Available

Company Launches Suite of Service Offerings to Help Merchants Address PCI Validation Changes and Meet Compliance Requirements

DENVER - October 26, 2009 - Accuvant, a leading provider of information security, risk and compliance management consulting services, announced today that its PCI DSS (Payment Card Industry Data Security Standard) Merchant Suite is now available. This new offering consists of two customizable service options, both of which are designed to help merchants that store, process or transmit credit card data to understand, achieve and maintain PCI compliance.

"Historically, many businesses' approach to achieving PCI compliance has been based on internal best practices for meeting the industry-approved standards," said Dan Burns, Accuvant's vice president of sales. "However, the inherent flexibility of this approach often resulted in inconsistent security measures being implemented and managed across client systems, paving the way for breaches. In support of better protecting customer data, the payment card industry, which includes the major credit card brands, banks and processors, have adopted stricter PCI validation requirements and repercussions for non-compliance, which can range from hefty fees to loss of service. Because these changes are significant and require immediate action in most cases, Accuvant has developed two new services to help merchants with varying levels of experience and onsite resources to successfully meet and maintain PCI compliance objectives."

Industry experts agree that organizations that take a strategic approach to maintaining PCI compliance will experience fewer data breaches. According to a recent report, more than 295 million records were compromised in 2008, with 98 percent of the records representing payment card data.

To help Level 1, 2, 3 and 4 merchants address PCI validation changes and meet compliance requirements, Accuvant has created two new services that are structured as follows:

PCI Select
PCI Select is recommended for Level 1 and 2 merchants that are familiar with PCI requirements but need assistance completing PCI objectives. Merchants can pick the services that make the most sense for their needs and environment as well as complete mandatory assessments. This includes:

  • PCI Gap Analysis - assess current security posture, identify gaps, receive remediation recommendations and develop a roadmap.
  • PCI Scope Reduction - save time and money with solutions that reduce or eliminate PCI scope.
  • PCI Portal - manage compliance year-round with online compliance status reporting and remediation results tracking. Includes access to the Accuvant Learning Center, an online knowledge base that explains PCI control requirements and provides security awareness training.
  • PCI Scans - quarterly or on-demand external validation scans to ensure systems remain compliant.
  • Penetration Testing (internal and external - PCI 11.3) - discover vulnerabilities to provide remediation recommendations.
  • Now required for Level 1 and 2 - Onsite Assessment with QSA - third-party validation that your company meets PCI DSS requirements.

PCI Simplified
PCI Simplified is an Accuvant subscription service designed to do just that - to simplify PCI DSS requirements and provide merchants with an easy way to validate compliance for acquirers, banks and processors. This new, customizable offering is designed specifically for Level 2, 3 and 4 merchants and is structured as follows:

  • Online PCI compliance validation for your acquirer, bank or processor - achieved through the Annual Self-Assessment Questionnaire and/or Approved Scan Vendor quarterly scans.
  • Access to the Accuvant Learning Center, an online knowledge base that explains PCI control requirements and provides security awareness training.
  • On-demand consulting with PCI QSA.
  • Policy, procedure and standards templates to get your documentation started.
  • Managed services - Accuvant partners manage required PCI technology so you don't have to.

"Our new PCI Select and PCI Simplified services enable clients to partner with Accuvant on objectives or hand off the compliance project entirely," added Burns. "Our value is in helping our clients remove pain points related to IT projects and compliance objectives, and we believe these new services offer the simplest, most straightforward solution."

About Accuvant

Accuvant is a leading provider of information security, risk and compliance management consulting services, with more than 2,000 customers across North America and Europe. The company's security advisors use industry expertise and proven methodologies to help large enterprises assess their environments, improve their compliance postures and secure their infrastructures. Headquartered in Denver, Accuvant has 25 offices across the United States. For more information on Accuvant, please visit http://www.accuvant.com/.