Financial, Regulatory, and Security Program Compliance Services


To ensure that your organization is in full compliance with regulatory requirements and internal policies, Secure20 offers expert consultants with many years of experience in risk assessment and in auditing complex systems for numerous financial institutions.

Are you in compliance with these new and complicated security programs and regulations?



MasterCard (SDP) and Visa (CISP) Information Security Programs

In April 2000, Visa U.S.A. published its Cardholder Information Security Guidelines, which provide a foundation for effective security. In September 2000, Visa followed with the publication of the Cardholder Information Security Program (CISP). CISP was created specifically for "card-not-present" merchants and service providers who process or store cardholder data and have access to that information as a result of accepting Visa account information over the Internet or by mail/telephone. Any e-merchant or service provider that processes or stores cardholder data online and has access to that information as a result of Internet acceptance must become CISP-compliant.

In 2003, MasterCard announced an even more stringent security program for its Acquirers and Merchants. The MasterCard SDP program is more stringent in the sense that network and application security scanning must be performed on a regular basis by a MasterCard-certified vendor. Secure20 is a certified MasterCard SDP Security Provider, one of only twelve (12) in the world today.



Is your business prepared?

These programs have a direct impact on the protection of private consumer information, and their effect on Acquirers and Merchants can be considerable. Visa's efforts were designed to help e-Merchants meet a May 2001 deadline for compliance with 12 security guidelines, which Visa developed to protect cardholder data from attackers.

These security programs address the four most critical elements in securing the online payments chain:

  • cardholder identification and authentication;

  • data security;

  • fraud control; and

  • protecting and streamlining the payment system.

Acquirers and Merchants that comply will increase consumer confidence in e-Commerce and decrease the significant losses associated with fraud.

Why Comply?

Consumers Want Security - Recent media reports of hacking incidents, stolen credit card numbers, and identity theft have made information security a serious concern for consumers. Today, consumers want firm assurance from the businesses they deal with that their bankcard account and other personally identifiable information is safe.

Minimized Threat to Reputation and Financial Position - The financial and resource outlay for compliance is minimal compared to the costs of reactively hiring security and public relations specialists, or the loss of significant revenue and goodwill that can result from a compromise.

Competitive Edge - Consumer studies show that trust is a key factor in doing business with card-not-present merchants. Customers seek out merchants who they feel are "safe."

Increase Revenues and a stronger bottom line - When it comes to improving profitability, a company's bottom line depends on adequate data security controls. With appropriate data security in place, you can protect your customers, limit risk exposure, and minimize the losses and operational expense that stem from compromised cardholder information.

Maintain a Positive Image - With the incredible growth of the Internet today, information security is on everyone's mind. Data loss or compromise not only hurts the cardholder, it can seriously damage a merchant's reputation.


Secure20 SDP Assessment and Compliance Services

As a leading provider of information security software and services, Secure20 can help your company understand the impact of the MasterCard SDP program, which exists to protect private consumer information. We have the high-security financial background and expertise in analysis, design, implementation, deployment, and post-implementation review to help your organization achieve rapid and ongoing compliance. Secure20's security experts can assist with SDP readiness risk assessments, which are designed to provide an overall evaluation of your security architecture. This review includes a gap analysis of your technical infrastructure, your policies and procedures, and your transaction processing systems. The result is a comprehensive report that documents your current security posture and compliance readiness and identifies existing or potential gaps in meeting the SDP requirements and guidelines. Continuing assessments allow you to maintain your SDP certification.

Secure20's approach to SDP compliance is both comprehensive and flexible. We bring value to the process by achieving compliance without unnecessary cost, delay, or disruption, and by creating a secure infrastructure that can become the catalyst for sustained competitive advantage.

The SDP Compliance Risk Assessment has three basic components:

Comprehensive security audit

  • Review and assessment of all security policies, procedures, and business processes

  • Vulnerability assessment of information systems and credit card transaction processing systems

  • Vulnerability/penetration testing of merchant’s website

Deliverables

The deliverables of the SDP Compliance Risk Assessments are:

1.) Gap analysis report detailing the extent to which business areas and infrastructure already comply and estimates for the amount of effort and expenditure necessary to achieve compliance

2.) Risk analysis with recommendations for each finding

3.) Compliance Plans to map initiatives necessary to meet SDP compliance

4.) Summary of Secure20’s Strategic Implementation Planning process

5.) A formal compliance statement and Compliance Report for submission to MasterCard or Visa, attesting to SDP or CISP compliance respectively.


Gramm Leach Bliley Act  (GLBA) Compliance

In recognition of the importance of protecting personal financial information, the GLBA was signed into law on November 12, 1999. Under 15 USC 6801 (Section 501) together with Sections 505(b) and 507, the Act directs the federal financial regulatory agencies to establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards.

GLBA further states that "it is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information." These safeguards must be sufficient to:

  • insure the security and confidentiality of customer records and information;
  • protect against any anticipated threats or hazards to the security or integrity of such records; and
  • protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

These general compliance objectives have been further refined by the financial institution regulatory agencies in subsequent guidelines, for example the Interagency Guidelines Establishing Standards for Safeguarding Customer Information issued by the federal banking agencies, and the FTC Safeguards Rule for institutions under FTC jurisdiction. Secure20 can assist financial institutions in achieving GLBA compliance under the guidelines of the agency that regulates them. Please contact Secure20 if you have questions about what steps are required for your institution.


Contact us to get started right away. Use the Project Scoping Form to make the process even quicker.