Qualys eases PCI compliance

Qualys tool should help firms meet the requirements of card payment rules

Vulnerability management specialist Qualys has launched a platform designed to help organisations that accept credit card transactions online comply with new Payment Card Industry (PCI) standards.

Recently in IT Week we reported on the risks many firms face if they fail to comply with the standard, which focuses on the secure storage and processing of customers' card details.

The QualysGuard PCI On-Demand platform features an easy-to-use dashboard that helps to guide firms through all the processes they need to complete PCI certification, including the completion of a self-assessment questionnaire.

Qualys scanning technology is also built into the platform, enabling firms to locate and remediate vulnerabilities in accordance with PCI rules. Automated report preparation, meanwhile, eases the process of reporting compliance to the acquiring banks and leaves an audit trail enabling firms to show due diligence in the event of a data breach, explained Qualys chief marketing officer, Amer Deeba.

"We've tried to simplify and automate the compliance process, reducing costs and making it very easy for the end-user," he added. "It doesn't just impact retailers; anyone who accepts credit card transactions, such as hospitals, universities and local councils [are liable]."

Qualys is also offering banks a PCI dashboard to enable them to track the ongoing compliance status of online retailers and other organisations. Acquiring banks may have to cover the risks associated with data breaches if the merchants are unable to pay for card re-issuing and associated costs after a breach, according to Deeba.

Roy Harari of IT security consultancy Comsec Consulting said that in the past six months there has been a surge in interest in PCI. "The earliest versions were nice-to-haves but now [the PCI] has invested some effort in creating real best practices so the standard has pure security benefits as well as the incentive to firms of not being penalised [for non-compliance]," he added.