RSA Launches PCI Compliance Packages
The packages address tightening deadlines imposed on all of MasterCard's Level 2 retailers and 282 of Visa's, which process between one and six million credit card transactions per year. Level 2 retailers are required to be PCI compliant by the end of the calendar year. Subsequently, retailers who fail to meet deadlines will face steep fines and fees, and ultimately run the risk of losing their credit card processing rights.
RSA execs say that the new offerings are designed to allow Level 2 merchants to apply a set of enterprise-level solutions quickly and affordably in order to stay on track to meet their deadlines.
"One of the trends we've seen is that this is a particularly painful point for Level 2 merchants facing compliance deadlines from Visa and Mastercard," said Brad Davenport, solutions marketing manager for RSA. "(The package) is going to address many of their immediate needs. December 31 is not that far away."
One of the packages contains authentication, security information and event management solutions while the second one features the same solutions but with the addition of encryption technologies. Both packages address PCI requirements 3,7,8 and 10 of the 12 delineated data security standards. Specifically, the packages incorporate standard RSA products such as the SecurID appliance bundle for authentication functions, the event manager enVision platform, RSA's File Security Manager for data protection and the RSA DLP RiskAdvisor service, which is included as an optional service to help businesses locate cardholder data within their system.
In addition to the packages, Davenport said that RSA is encouraging partners to offer installation and implementation services for the enVision component as well the file security component.
"We really wanted to select form factors of our products that will allow them to get up and running quickly," said Davenport.
Davenport said that the encryption feature was included in only one of the packages based on the fact that not all customers would require encryption to adhere to their PCI objectives.
"It really depends on the business model," he said. "We didn't want to force customers to buy something that they didn't need."
While RSA offers each solution individually, the comprehensive bundle enables partners to give retailers a boost in meeting numerous PCI requirements in one comprehensive package, executives say.
Davenport said that arguably all of RSA's partners sell products required by the PCI mandate, and many have incorporated compliance-oriented services specifically targeting that area of the market. He said he also expect PCI compliance opportunities to grow as deadlines become realized and more smaller merchants are required to beef up their security infrastructure.
"We've seen a lot of partner focus on PCI and we expect that to continue to grow in the future," said Davenport. "(Compliance) is much more difficult than it was initially perceived. This isn't going away."