RSA, The Security Division of EMC (NYSE:EMC), today announced two packages of information security products designed to help Level 2 Merchants address their immediate challenges associated with Payment Card Industry (PCI) Data Security Standard (DSS) compliance.
Visa USA and MasterCard define Level 2 Merchants as any business annually processing between 1,000,000 to 6,000,000 credit card transactions, regardless of acceptance channel, per year.
The RSA packages are designed to allow Level 2 Merchants to apply a set of enterprise-quality solutions -- including data discovery, encryption, role- based access control, strong authentication, security information & event management and compliance reporting -- to their toughest PCI challenges. One package contains strong authentication, security information & event management and encryption solutions, while the second package contains strong authentication and security information & event management offerings. These technologies can be used to help merchants comply with PCI requirements 3, 7, 8 and 10, while also helping organizations to actively demonstrate this compliance. The need for a packaged set of PCI solutions for Level 2 businesses was identified in a whitepaper recently commissioned by RSA, highlighting original research by analyst firm Enterprise Management Associates into the challenges that Level 2 businesses face with respect to PCI DSS compliance.
"With its introduction of PCI packages for Level 2 businesses, RSA, The Security Division of EMC, is bringing to market a set of actionable PCI solutions for this class of organization," said Scott Crawford, Research Director of Enterprise Management Associates. "Leveraging its thought leadership in encryption, strong authentication, role-based access control and security information and event management, RSA's PCI packages put enterprise- grade tools within the reach of the Level 2 business."
All MasterCard and 282 of Visa's Level 2 Merchants are required to validate PCI compliance prior to December 31, 2008. Due to the repercussions associated with failing to comply, including increased fees, fines and ultimately losing the right to accept credit cards, today's businesses face unpre unprecedented levels of accountability for securing cardholder data.
"Customers have made it clear that while progress has been made with respect to cardholder data security, initially demonstrating and maintaining PCI compliance remains one of the broadest and most complex challenges faced by businesses, payment processors and banks of all sizes," said Steve Preston, Senior Director, Solutions Marketing at RSA, The Security Division of EMC. "This challenge is particularly significant for the Level 2 Merchants facing compliance deadlines on December 31, 2008. By delivering inclusive security packages specifically designed for Level 2 businesses, we can help our customers get closer to where they need to be by year-end."
RSA's PCI Packages for Level 2 Businesses
These two distinct PCI packages offer actionable, enterprise-class security products to Level 2 Merchants facing immediate challenges associated with PCI DSS compliance. Complemented with installation services, the individual components are available in easy-to-deploy form factors and are also highly scalable - allowing for future expansion and the ability to address additional security and compliance initiatives.
Individual components include:
Strong Authentication: RSA SecurID(R) 25-User Hardware Appliance Bundle To help organizations address PCI DSS requirement 8, which calls for strong authentication, the RSA PCI packages include a 25-user RSA SecurID appliance bundle, which contains a hardware appliance, hardened operating system, RSA(R) Authentication Manager software, hardware support, cabling, documentation, and 25 RSA SecurID 700 tokens.
Security Information and Event Management: The RSA enVision(R) platform To help businesses track and monitor access as mandated in PCI DSS Requirement 10, RSA's PCI packages include an RSA enVision appliance capable of handling 2,500 sustained events per second. An additional design and implementation service for the RSA enVision solution complements the packages.
Data Protection Option: RSA(R) File Security Manager To address PCI DSS Requirement 3, which details data protection best practices, one version of the RSA PCI packages contains RSA File Security Manager. This option is designed to enable the transparent encryption of both production and non-production files and folders for Windows(R) based systems.
Data Discovery Option: RSA(R) DLP RiskAdvisor Service (Optional Addition) Securing credit card data as required by the PCI DSS is impossible without finding the data first. The RSADLP RiskAdvisor Service is an optional addition to the PCI packages and is engineered to help businesses determine where cardholder data resides across endpoints and within data centers.
While the offerings in the RSA PCI packages are configured to help Level 2 businesses tackle their immediate PCI challenges, these technologies can be expanded over time to address future additional security and compliance initiatives.