Data security firms start Payment Card Industry Vendor Alliance

A handful of data security companies announced they're forming a new alliance to advocate for firms who must comply with the payment card industry data security standards (PCI DSS). The group, called the Payment Card Industry Security Vendor Alliance (PCI SVA), will work with the PCI Security Standards Council to develop a non-partial method of evaluating compliance-focused products, said Chris Farrow, director for Configuresoft’s Center for Policy and Compliance and an organizer of PCI SVA.

The PCI Security Standards Council was formed in September by payment card companies and is composed of merchants, banks and point-of-sale vendors. Though the council is has worked to educate those affected by PCI DSS, while maintaining the standards to keep up with current threats, the amount of guidance it has provided on related data security products is limited.

"The Payment Card Industry Vendor Alliance was formed to address a gap in the certification coverage that the PCI Council and card payment brands put forth," Farrow said. "They currently certify qualified security assessors and scanning vendors, but they provide no guidance or certification for the various solutions that merchants, member banks and vendors would have to purchase to actually be PCI compliant."

Farrow said one of the major goals of PCI SVA is to help the council start and staff a program to provide unbiased product certification. Already the group has begun its advocacy work by lobbying for a few vendor seats on the council.