ArcSight, Inc., a leader in enterprise security and compliance management solutions, announced today that it has joined the PCI Security Standards Council (PCI SSC) as a Participating Organization and the PCI Security Vendor Alliance (PCI SVA) as a platinum member.
Through its role on the Standards Council, ArcSight will help to evolve payment card data protection standards including the PCI Data Security Standard (PCI DSS). As a member of the Vendor Alliance, ArcSight combines its knowledge and PCI-specific experiences with that of other technology vendors to support PCI DSS. These memberships highlight ArcSight's commitment to support the payment card industry as it addresses new challenges of protecting cardholder data.
The PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International as an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI Security Standards Council's mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards.
As a Participating Organization on the PCI SSC, ArcSight has the opportunity to access and influence the industry's latest payment card security standards. ArcSight joins a community of nearly 350 organizations working on improving cardholder data protection.
The PCI SVA is a coalition of vendors that provide solutions and expertise in securing cardholder data. PCI SVA assists members of the payment card industry -- composed of merchants, banks, and point-of-sale vendors -- in educating the business community on the requirements and business value of the PCI DSS, a global benchmark intended to improve security throughout the entire payment-card transaction process. The PCI DSS is applicable to any enterprise that transmits, processes, or stores cardholder data including retail, hospitality, healthcare, entertainment, and others.
As a member of the PCI SVA, ArcSight will be able to share its unique understanding of customer business challenges as they relate to PCI compliance and provide insights into how it has met these challenges. The company will also gain knowledge from other members that will help it optimize its approach to managing PCI initiatives to its customers. Alliance members also have the opportunity to influence and advise on the growth of the PCI Data Security Standard.
"With the next deadline for complying with the PCI Data Security Standard arriving at the end of this month, we are receiving more questions from merchants looking to learn how to best secure their customers' data and meet all of the Standard's requirements," said David Taylor, board president of the PCI SVA. "Now that ArcSight is a member of the Alliance, we can leverage the company's valuable input to build awareness of just what is required to deliver a comprehensive PCI DSS solution."
"Through our memberships in the PCI SSC and PCI SVA, ArcSight will be able to share knowledge about customer needs while also increasing collaboration across many participating organizations," said Reed Henry, senior vice president of marketing and business development at ArcSight. "This will help the industry evolve standards that better address customer challenges today and in the future."
With the recent spotlight on PCI, merchants are challenged to comply for a variety of reasons. The 12 PCI guidelines span not only point-of-sale (POS) systems that actually handle the credit card data directly, but the entire underlying infrastructure that interconnects a payment system. Customer and cardholder data can be strewn throughout a merchant's infrastructure, with brick-and-mortar retail outlets often the most vulnerable to risk (based on existing data breach cases) and where the biggest technical challenges of deployment exist. In many cases, merchants are saddled with an infrastructure that has reached its technical limits and cannot provide all the functionality mandated by PCI. Required audits and audit preparation cycles are expensive in both technology and labor to implement, support and test. PCI itself is a moving target, as requirements are expected to continue to evolve over time; and furthermore, being PCI compliant does not ensure an organization against damaging cardholder breaches, which prominent retailers can attest to.
The ArcSight PCI Protection Suite helps merchants cost-effectively address these challenges, providing the following clear benefits:
- Comprehensive automated monitoring across PCI-affected assets to reduce workload and to eliminate human error associated with manual monitoring.
- Centralized monitoring and distributed data collection at remote sites, with support for hundreds of devices and applications, including legacy systems, to provide organizations overall visibility into their distributed cardholder infrastructure and networks.
- Continuous oversight of PCI controls and automated test procedures to meet fiduciary responsibility efficiently.
- Support for current and evolving compliance and governance initiatives for continued life-cycle value.