ConCardis Press releases

Frankfurt/Main, October 13, 2009. The Internet platform initiated by ConCardis for the PCI Data Security Standards is now ready for launch following a successful test phase, enabling ConCardis to support its clients and partners in implementing the required security standards and obtaining PCI certification simply and conveniently.

With immediate effect, ConCardis merchants will be able to assess their PCI compliance and obtain certification in line with card organisation requirements via the website www.pciplatform.concardis.com. The website was developed by ConCardis in cooperation with IT consultants usd.de AG (authorised PCI certifiers) and contains detailed information on the disclosure and documenta-tion processes to be adhered to. A professional telephone hotline and e-mail service is available in the event of queries.

The Payment Card Industry Data Security Standards (PCI DSS) are comprehensive global requirements developed by the leading international credit card organisations. They include binding rules for all companies which accept, process, store or disseminate card data, in order to better protect the data from misuse and theft. Merchants have to carry out various internal and external assessments depending on their annual card transaction volume, in order to prove their “PCI Compliance”. This involves checks on everything from the company's network architecture to how employees handle critical data.

All merchants and service providers, e.g. hotels and restaurants with card acceptance, have to be PCI compliant and in some cases must also be PCI certified. Non-compliance risks hefty fines and expensive legal action in the event of misuse or loss of card data.
Moreover, should data theft become public knowledge, this may permanently damage a company’s reputation, which often leads to considerable losses of income.

PCI certification involves twelve central requirements, from installing a firewall, through access policies to regular tests of the security system. Merchants and service providers in certain categories are even subject to security scans in order to expose weakness in the architecture and configuration of the systems tested, which offenders could exploit to compromise credit card data. The systems are checked via the Internet using security scanners.

“It was important to us to offer our clients and partners the ConCardis PCI platform as a convenient and cost-effective alternative to monitor the security of their payment systems on a permanent basis and obtain certification in line with PCI DSS,” said Manfred Krüger, CEO of ConCardis GmbH. “This is another key component of our comprehensive service offering, reinforcing confidence in credit card payment through increased data security.”

ConCardis places the highest priority on the issue of security in cashless payment solutions – both for transactions in which the cardholder is present and in distance selling. It has established comprehensive advisory services for clients and partners and just recently published a set of guidelines in cooperation with ibi research entitled “Der richtige Umgang mit Kreditkartendaten” (Handling credit card data correctly) available to download in German at www.concardis.com.