Data security firms start Payment Card Industry Vendor Alliance

The group, called the Payment Card Industry Security Vendor Alliance (PCI SVA), will work with the PCI Security Standards Council to develop a non-partial method of evaluating compliance-focused products, said Chris Farrow, director for Configuresoft’s Center for Policy and Compliance and an organiser of PCI SVA.

The PCI Security Standards Council was formed in September by payment card companies and is composed of merchants, banks and point-of-sale vendors. Though the council has worked to educate those affected by PCI DSS, while maintaining the standards to keep up with current threats, the amount of guidance it has provided on related data security products is limited.

"The Payment Card Industry Vendor Alliance was formed to address a gap in the certification coverage that the PCI Council and card payment brands put forth," Farrow said.

"They currently certify qualified security assessors and scanning vendors, but they provide no guidance or certification for the various solutions that merchants, member banks and vendors would have to purchase to actually be PCI compliant."

Farrow said one of the major goals of PCI SVA is to help the council start and staff a program to provide unbiased product certification. Already the group has begun its advocacy work by lobbying for a few vendor seats on the council.

PCI SVA also hopes to be a driving force in educating those affected by PCI DSS about specific aspects of the standards, an endeavor that some analysts still believe is necessary.

"Even with all the press on data security breaches and the corporate and personal costs that accrue from them, there is still only limited awareness of the PCI data security standards," said Jon Oltsik, senior analyst for Enterprise Strategy Group. "The PCI SVA is a valuable component in addressing this issue holistically."

Click here to email West Coast Bureau Chief Ericka Chickowski.

alliancedatafirmsindustrypaymentsecuritystartvendor