February 20, 2007 1:00pm – 3:00pm EST
PCI Data Security Standards

- Seana Pitt, Chairperson of the PCI Security Standards Council and VP of Merchant Policy and Data Quality, American Express, Global Network Operations
- Mark Lambert, Manager, Professional Services, Parasoft

Aligning PCI Data Security Standards with Pre-Existing Privacy and Security Mandates

Payment Card Industry (PCI) data security standards came into force on June 30, 2005, developed by Visa, Mastercard, AmEx and Discover Card. “All entities that accept credit or debit card payment, collect, process or store credit card transaction information, regardless of their transaction volume, are required to meet the PCI standard by June 30, 2005. Failure to comply with the PCI security standard may result in substantial fines or permanent expulsion from card acceptance programs.” Two things are needed to meet PCI standards:

- Pass quarterly remote vulnerability scans
- Complete a security self-assessment questionnaire

As of Jan 11, 2006: According to Visa, only 15% of the 215 biggest retailers that accept its cards were fully compliant with the Payment Card Industry standard. MasterCard says 20% of its top-tier merchants have not even submitted plans for compliance. (334 merchants make up 50% of Visa’s annual volume of largest US merchants.)

Some attribute the lack of compliance to the complexity of the standard—it has 12 rules and 200 detailed sub-requirements governing such practices as use of firewalls and encryption of stored data. It also requires annual security audits to ensure the retailer remains in compliance.

Merchant banks whose retailers aren’t PCI compliant could be fined up to $500,000. Typically, banks pass penalties along to the retailer involved. The merchant also faces loss of its card-acceptance privileges.

Under the standard, retailers fall into four categories based on transaction volume. Level one is composed of merchants that process 6 million transactions annually, while level four merchants process 20,000 or fewer transactions per year. The data security requirements vary depending upon the level. Level 1 merchants must undergo both internal and external audits on a regular basis; levels 2 – 4 only need their internal auditing team to perform audits. (Internet Retailer, April 2006.)

The deadline for compliance keeps getting postponed because the majority of US merchants have failed to comply. November 1, 2006 was a deadline, January is going to be another, but most retailers and solution providers believe that June of 2007 will be the true deadline. In the months to come, Visa will begin levying fines on acquirers whose merchants make no progress on compliance.

Takeaway points include:

  • How to implement PCI standards in conjunction with the other security measures and mandates companies have
  • How to maintain compliance in the long term

  • CISOs
  • CSOs
  • Chief Compliance Officers
  • CFOs
VPs, Directors, & Managers of:
  • IT
  • Security
  • Risk/Risk Management
  • Compliance
Within any enterprise that transmits or collects cardholder data

Parasoft is the leading provider of innovative solutions for automating software test and analysis and for establishing software error prevention practices as an integrated part of the software development lifecycle. Parasoft products and services enable software development and IT organizations to significantly improve visibility and control over the quality, costs and schedules of their software projects through the practice of Automated Error Prevention (AEP).
Parasoft's easy-to-use, scalable and customizable software error prevention solutions span the complete software development lifecycle and automatically test complex software systems from all relevant perspectives, from the Java, C/C++, and/or .NET code at the implementation layer, to the Web service / SOA at the messaging layer, to the Web front end.
Parasoft has more than 10,000 clients worldwide, including Boeing, Cisco, Disney, Ericsson, Fidelity, IBM, Lehman Brothers, Lockheed, Lexis-Nexis, Sabre Holdings, SBC and Yahoo. Founded in 1987, Parasoft is a privately held company headquartered in Monrovia, CA.


For information about the recorded archive for this event contact Xtalks at (416) 977-6555 ext 371, or email register@xtalks.com



CA is a recognized leader in enterprise IT security and management software. CA offers comprehensive and integrated security management solutions that enable organizations to align security with corporate business processes, achieve operational efficiency, enable regulatory compliance, mitigate operational risk, ensure service continuity, and enable business growth. CA solutions address the entire spectrum of security challenges, including identity and access management, threat management, and security information and event management. CA security management solutions are in use today by the majority of the Fortune 500, helping these leading organizations reduce the complexity and cost of their security management while protecting critical corporate systems and data and enabling business growth. http://www.ca.com/security


Proven in nearly 4,000 customer sites around the world, Ecora provides the industry's only solution for automating regulatory compliance and IT best practices reporting. Ecora is a critical business partner to those organizations looking to not only ensure, but prove, continual compliance with government and regulatory requirements, including Sarbanes-Oxley, GLBA, Basel II and HIPAA. The Ecora solutions go even further, with powerful insight to help you prove and report on adherence to industry standards such as PCI and SAS 70. The compounded challenges created by evolving threats to the security of the IT infrastructure are virtually eliminated once the Ecora solutions help you take back control with automated and deep IT systems change and compliance reporting, disaster recovery and policy-based impact reporting. For more information, visit http://www.ecora.com/



IT Security.com:  IT Security is a news and information publication covering all aspects of the IT Security marketplace. It was recently acquired by Tippit Inc. and has been re-launched as the premier source worldwide for IT Security information. The site provides original content covering viruses, vulnerabilities, news, events and background information in the market. It has strong relationships with members of the IT Security community and is rapidly building a unique, high-quality community of users and vendors. http://www.itsecurity.com/


Government Technology magazine is the leading publication on the market providing technology solutions for state and local governments in the Information Age. Unrivaled in market expertise, Government Technology magazine provides state and local government executives a reliable source of information on the vital role technology will play in reengineering the public sector. Top government executives everywhere - from governors to mayors, from CIOs to agency directors, and from judges to legislators - turn to Government Technology magazine as the trusted source for state and local government technology solutions across the nation. For your free subscription, log on to http://www.govtech.com/


Data Storage Connection is the premier site for data storage news and solutions. Our goal is to help storage end users and integrators find the information and solutions they're looking for. Our supplier directory introduces you to prominent technology providers. Our product showcase reveals a range of available products. We also offer a searchable, content-rich archive of white papers, case studies, and other educational resources.


Seana Pitt, Chairperson of the PCI Security Standards Council and VP of Merchant Policy and Data Quality, American Express, Global Network Operations

As inaugural chair of the PCI Security Standards Council, Seana will work with representatives from American Express, Discover Financial, JCB, MasterCard Worldwide and Visa International to drive awareness and adoption of the PCI Data Security Standard. The Executive Committee will also work to create education programs, establish pools of certified QSAs and ASVs, and incorporate feedback from all stakeholders across the payment chain into the work of the council and the development of new standards.

At American Express, Seana Pitt helps drive the development and implementation of operating policies and procedures for the company’s extensive merchant network. Her key focus is ensuring that all American Express merchants and processing partners are protecting Cardmember information at every step along the transaction process.
During her 20-year career at American Express, Seana has worked closely with merchants at many levels. She has been on the front lines, selling and implementing POS and back-office products and solutions. She has also led the development of merchant profitability and satisfaction improvement plans. For a time Seana led the company’s Establishment Services North America Fraud Prevention unit, where she worked to develop and implement fraud prevention tools and services that protect merchants against security threats. Additionally, she has managed American Express's relationship with third-party processors in the US and Canada.
A frequent speaker at industry events held by the Electronic Transactions Association, Direct Response Forum and Retail Industry Leadership Association, Seana is also a board member of the Merchant Risk Council. Seana holds a BA in Biology from Wheaton College.

Mark Lambert, Manager, Professional Services, Parasoft

Mark Lambert is the manager of Parasoft Corporation's Professional Services team, where he specializes in integrating automated error prevention tools into the development process. With over 8 years of practical Java experience, Lambert takes a hands-on approach to development and to the use of tools to improve quality throughout the development process. Lambert has been a speaker at numerous corporate and industry events, such as JavaOne, Software Test & Performance and StarEast.

Copyright © 2016-2017 Honeycomb Worldwide Inc.