Visanet, Visa's global payment processing network, selected Modulo Risk Manager to have 70 percent of its merchants in Brazil comply with the Payment Card Industry/Data Security Standard (PCI DSS) by the end of 2008.
The rate should reach 100 percent in December 2009, when the period expires for all those who operate with credit cards institute the 12 electronic payment security requirements required by PCI DSS. The new standard is an industry initiative to reduce frauds and make cards transactions safer.
"In order to find new technologies for the PCI compliance program, we researched the market and the best tool we found was Modulo Risk Manager," says Sergio Cloves, Visanet's information security manager. The company began to get internally ready to meet the new standard's requirements in June 2006.
Visanet used questionnaires to analyze risks in 60 internal systems and several third-party providers such as data centers, telecommunications companies, etc. After X-raying partners' internal processes and operations to measure the degree of PCI compliance, it decided to use the same technology to assess PCI compliance in its network of accredited 3,600 establishments, who were divided in two groups: the first includes major retailers, responsible for 80% of credit card payments, and totalizing 340 networks; the second comprises shopkeepers, which process the remaining 20 percent of the transactions.
According to Cloves, Visanet is now working in this phase, and expects that company will comply with all security rules defined by the standard. He says that, by using Modulo Risk Manager, Visanet quickly completed the first phase of process analysis. "We saved precious time because the software was ready for PCI," says Cloves. "Without this tool we couldn't get the job done as planned."