IBM Services to Aid PCI Compliance

A new IBM program takes companies through the entire PCI compliance process to help them secure payment card data.

IBM launched a new program on Nov. 1 for companies pursuing compliance with the Payment Card Industry Data Security Standard, in conjunction with a sweeping data security standard.

The comprehensive program is designed to take companies through the entire PCI (Payment Card Industry) compliance process, from assessment to compliance to certification, to help them meet all 12 PCI requirements for safeguarding customer credit card data.

"As many merchants have learned in recent years, meeting some or even most of the mandated PCI requirements is no longer sufficient," said Kristin Lovejoy, director of strategy for Governance and Risk Management at IBM, in a statement.

"As a global leader in security technology and consulting services, IBM has the knowledge and expertise to provide a comprehensive solution for helping merchants comply with the PCI standard."

According to a recent report by VISA USA, 65 percent of the nation's largest retailers are now compliant with PCI.

The announcement by IBM comes at the same time as an announcement about a new holistic strategy toward data protection, which will include a $1.5 billion investment by the company in 2008.

The company has also made data security a key component of its Information On Demand initiative, with moves such as the Princeton Softech acquisition—which added data masking capabilities—and a strong partnership with encryption vendor Vormetric.


To help customers meet all 12 of the PCI DSS (Data Security Standard) requirements, the IBM PCI program includes consulting services for compliance gap analysis, remediation, validation, ongoing testing and reporting, as well as a range of products that help organizations with each aspect of security planning, management and compliance reporting.


The service involves a five-phase program that includes a security assessment; a design phase to develop security strategy, policies, standards and procedures, as well as incident response planning and security architecture design and implementation planning; deployment; management; and education.

"PCI has quickly become one of the biggest IT challenges of this century," said Doug Medina of Hughes Network Systems, a global leader in broadband satellite networks and services.

"Many vendors and consultants claim they can solve the problem, but most only offer a partial solution. By working with IBM, Hughes has successfully met every deadline for PCI compliance."
