VeriSign, Inc. (Nasdaq: VRSN), the leading provider of intelligent infrastructure services for the Internet and telecommunications networks, today announced that it has achieved compliance with three highly coveted industry certifications: the Visa Cardholder Information Security Program (CISP), the MasterCard Site Data Protection (SDP) program and the American Institute of Certified Public Accountants' (AICPA) Statement of Auditing Standards #70 (SAS70).
Each certification underscores a strong VeriSign commitment to making security a central focus of its development efforts and protecting the safety and integrity of customer data.
In today's global economy, service organizations and providers must demonstrate that they have adequate controls and safeguards in place when they host or process customer data. To address these needs, Visa, MasterCard and the AICPA have established standards to protect cardholder information in all organizations that store, process or transmit data.
"The extraordinary rise in online shopping has also precipitated fraud, hacking and other malicious activity. For consumer confidence to remain intact, merchants, and their customers, need to know their information is safe and protected," said Trevor Healy, vice president, VeriSign Payment Services. "These certifications serve as further proof to our 134,000 merchant customers that VeriSign takes its role in processing e-commerce transactions very seriously, taking all the steps necessary to protect essential customer data."
Visa CISP is a set of 12 industry-wide requirements designed to protect sensitive information from being compromised. As part of the certification process, VeriSign employed an independent, Visa-qualified auditor to perform a thorough inspection of the VeriSign payment processing environment. This process included an intensive review of the procedures VeriSign uses to classify, access, and store sensitive information. In addition, VeriSign performed an in-depth analysis of network and system architecture, a complete assessment of IT policies and procedures, and an on-site inspection of physical data-center facilities.
Complying with MasterCard SDP involved a two-step process. VeriSign completed a self-evaluation of its security procedures, with a detailed analysis of its Web infrastructure, to showcase VeriSign's compliance with MasterCard standards. MasterCard then performed compliance testing, scanning VeriSign Payment Services solutions in a controlled environment to ascertain their viability.
The SAS70 compliance process involves a formal, in-depth report by a third-party auditor that analyzes the design, implementation, and operational effectiveness of the controls that reside within a service organization. The SAS70 audit report allows service organizations to disclose their control activities and processes to customers, thus demonstrating that adequate controls and safeguards are in place. The addition of Section 404 of the Sarbanes-Oxley Act makes SAS70 audit reports even more important to the process of reporting effective internal controls.