New Automated Solution Enables Consultants and Merchants of all Sizes to Quickly and Cost-Effectively Meet Upcoming Deadlines
Redwood City, CA — April 18, 2005 — Qualys, Inc. today announced it has successfully completed the MasterCard Site Data Protection (SDP) compliance testing process and extended its QualysGuard on demand vulnerability management platform to include automated, self-service SDP compliance testing and reports. As an SDP compliant scanning vendor, Qualys is certified to help online merchants and their consultants evaluate the security of Web sites that store MasterCard account data, and achieve compliance with the Payment Card Industry (PCI) Data Security Standard.
Beginning June 30, 2005, MasterCard will require online merchants processing over $125,000 in monthly MasterCard gross volume to perform an annual self-assessment and quarterly network scan.
“The payment card industry’s security requirements (PCI, SDP, Visa CISP) apply to all merchants with an Internet facing IP, not just those doing e-commerce, so the magnitude of retailers this program affects is significant,” said Avivah Litan, vice president and research director at Gartner.
Qualys has achieved compliance status by proving its ability to detect, identify and report vulnerabilities common to flawed Web site architectures and configurations. These vulnerabilities, if not patched in actual merchant Web sites, could potentially lead to an unauthorized intrusion. By proactively identifying and providing the opportunity to remedy such vulnerabilities, SDP-compliant products offer a means for reducing risk of intrusion and data compromise.
“The payment card industry’s security standards are converging, which will simplify the compliance process, but achieving compliance with these standards can still be very costly for both merchants and acquiring banks. The more the process can be streamlined and automated, the easier it will be for everyone,” said Litan.
Jim Aviles, manager of product and technology at Merchant E-Solutions, said, “The new credit card compliance functionality in QualysGuard makes PCI compliance as easy as pushing a button. This level of accuracy and automation helps us save significant time and costs in demonstrating compliance with PCI. It also helps us ensure the integrity of our credit card processing infrastructure that is used by more than 150,000 merchants.”
The QualysGuard vulnerability management solution now includes a pre-defined scan profile that enables merchants and their consultants to scan payment systems according to MasterCard’s requirements. QualysGuard provides merchants and consultants with a blueprint for correcting found vulnerabilities. In order to achieve compliance, the merchant must correct all medium to severe security risks found by QualysGuard. Once merchants have fixed the vulnerabilities, QualysGuard auto-generates an SDP compliance report that can be submitted directly to the acquiring bank.
“The Site Data Vendor Compliance Program reflects our ongoing commitment to helping our customers and online merchants evaluate and improve the security of their Web sites in a timely and affordable manner. The end result we are striving for, improved overall channel security, is a win-win for all parties involved,” said Stephen Orfei, senior vice president and head of the MasterCard e-Commerce Center of Excellence.
The Vendor Compliance Program requires a two-step process. The first step is to complete an online application form, which can be found at the SDP Web site. The application provides MasterCard with an overview of the applying organization, along with a detailed assertion by the security vendor that its solution is compliant with or exceeds the requirements set forth in the MasterCard Security Standard. After applying for compliance testing, the second step is for vendors to undergo a rigorous evaluation cycle that spans a wide range of Web servers, firewalls, and operating systems in an environment controlled and managed by MasterCard.
The SDP Compliance Testing program is an expansion of MasterCard’s Site Data Protection Program™, a comprehensive, proactive and cost-effective set of global e-commerce and financial security services designed to help protect the Web sites of its customer financial institutions, online merchants and other payment processors holding MasterCard account information.
Pricing and Availability
The MasterCard SDP compliance module will be available with QualysGuard 4.0 at the end of April, 2005. See also today’s announcement “Qualys Introduces Policy Compliance to Widely Adopted On Demand Vulnerability Management Platform” at www.qualys.com/company/newsroom/newsreleases/usa/pr.php/
Pricing for the MasterCard SDP compliance module is $495 for QualysGuard Express customers and $2,495 for QualysGuard Enterprise customers.
Qualys’ MasterCard SDP compliance reporting is also available through a number of its consulting partners, including: BDO Seidman, Digital Resources Group, Dimension Data, DynTek, Inc., FishNet Security Assessment Services, Fujitsu Transaction Solutions, Inc., Information Exchange, Inc., MasterCard SDP Service/Ubizen, NRM Network Risk Management, One-Sec, Ltd., Protiviti, Inc., and Strategic Profits, Inc.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
Contact: Ben Trounson