Wednesday, May 23, 2007
NOVA Launches PCI Compliance Program For Small Businesses
By Holly Lytle
Offers AmbironTrustWave’s Risk Profiler to Help Merchants
ATLANTA - 23 May 2007 - NOVA Information Systems (NOVA), a wholly owned subsidiary of U.S. Bancorp (NYSE: USB) and a leader in the payment processing industry, has launched a data security compliance program to help "Level 4" merchants comply with the Payment Card Industry Data security Standard (PCI DSS). According to the PCI DSS, Level 4 merchants are defined by processing fewer than 20,000 e-commerce transactions and/or fewer than 1 million Visa® or MasterCard transactions annually. NOVA currently processes for more than 850,000 merchants in North America, most of which meet the Level 4 criteria.
To help small businesses better secure credit card information they process and/or transmit, all of NOVA’s Level 4 merchants will now have access to AmbironTrustWave’s Risk Profiler, an automated risk analysis engine. The tool has primarily been used by acquirers and ISOs to identify and aggregate risk across their entire merchant base. NOVA’s implementation will allow its merchants to directly access the tool and complete a series of questions about acceptance methods, point-of-sale system, transaction volume and other parameters. Once completed, a risk score is provided along with recommendations for the merchant to achieve PCI DSS compliance.
“The protection of consumer and card data is imperative for merchants of all sizes,” said Gerry Tilson, vice president, Card Association Compliance, NOVA. “As larger retailers implement PCI-compliant systems, fraudsters will have even more of a tendency to move downstream to smaller businesses. Together, NOVA and AmbironTrustWave are working toward end-to-end security for all merchants in our base.”
“While much of the attention regarding PCI DSS compliance for the past couple years has focused on the large merchants and service providers, the trends indicate that small businesses are just as vulnerable to a data security breach,” said Robert McCullen, chairman and CEO, AmbironTrustWave. “We applaud NOVA for taking such a wide-scale proactive step in protecting cardholder data and mitigating risk for all of its merchants.”
Small businesses tend to be victimized by hackers more than large businesses. In fact, according to an analysis of AmbironTrustWave data compromise investigations, Level 4 merchants account for more than 80 percent of the cases in which credit card data is stolen from merchants. More than 90 percent of compromises are caused by a security flaw in a third-party software or service used by merchants to process credit card transactions. The average compromise case results in the exposure of approximately 40,000 credit cards*.
AmbironTrustWave developed the RiskProfiler in 2005, and since then several large acquirers and ISOs have used the RiskProfiler to identify and aggregate their risk across thousands of merchants.
AmbironTrustWave is a global provider of information security and compliance management solutions to businesses and the public sector. The company has serviced more than 30,000 organizations throughout the world including banks, merchants, service providers and software developers that are required to validate compliance with industry best practices for safeguarding information endorsed by American Express, Discover, MasterCard Worldwide, Visa International and Visa USA. AmbironTrustWave is headquartered in Chicago with offices throughout the United States, Europe and Asia. For more information, visit www.atwcorp.com..
NOVA Information Systems, a leader in the payment processing industry is a wholly owned subsidiary of U.S. Bancorp (NYSE: USB). NOVA and euroConex, its European affiliate, provide global merchant processing services to financial institutions and clients in the United States, Canada, and Europe, and currently support more than 1,000,000 merchants worldwide. For more information, visit www.novainfo.com.
Back To News