The Aegenis Group, led by Chris Mark, Mike Dahn, and Dr. Heather Mark, is pleased to debut our newsletter, The Aegis. The Aegis will contain news about our industry and our company. New product announcements, upcoming events and similar news will be sent via the newsletter. Additionally, The Aegis will contain pertinent security and risk news within the electronic payments industry. We very much look forward to your feedback on our newsletter.

Visa USA Releases VBR Addressing Level 4 Merchants
Brand will require plan to address risk and compliance within Level 4 Population
Visa USA recently published its Visa Business Review (VBR). In this publication, Visa USA announced a program that requires acquiring banks to have a plan to address risk within their Level 4 merchant population. The plan must be submitted to Visa USA by July 31, 2007. According to the VBR, the plan must address risk within the group and include a compliance strategy with steps for 1) eliminating prohibited data, 2) protecting stored data, and 3) securing the environment according to the PCI-DSS. Another major element is a merchant education plan. Initially this may seem to be a daunting task. Fortunately, The Aegenis Group has developed a suite of solutions that can help acquirers meet the exacting standards of the VBR.
The Aegenis AR2 Risk Model Helps Prioritize Merchants By Risk
The Aegenis Group has developed the AR2 Acquirer Risk Model, a patent-pending methodology that allows acquirers to quantify and prioritize their merchants according to potential for exposure. This enables acquirers to quickly identify the areas of greatest risk within their specific portfolio, prioritize merchants, and more strategically target their compliance and risk management efforts where they will have the greatest immediate impact.
The Aegenis Group Provides Education and Training on PCI and Regulatory Compliance Issues
Using accepted theories of adult learning, The Aegenis Group has carefully and thoughtfully developed a proprietary training methodology. The methodology ensures that the training is applicable to each audience, whether that is a company satisfying a training requirement for its staff or an acquirer providing education to its merchants.
For more information on any of the products or services provided by The Aegenis Group, please email us at info@aegenis.com.

Industry News and Events
Two States Strive to Codify PCI Requirements
In the past several weeks two states have attempted to enact laws that would codify portions of the Payment Card Industry Data Security Standards. The Texas bill (House Bill 3222), which has stalled in committee, created de facto requirements that were neither intended nor supported by the card brands. Among those requirements would have been an onsite validation by a Qualified Security Assessor on a quarterly basis.
Meanwhile, Minnesota was successful in passing a bill making it illegal for companies to store certain types of data related to electronic payments. The bill, which can be found here, makes companies legally liable for a multitude of costs should a breach occur and prohibited data be exposed. Prohibited data is defined as PIN Block, CVV2, Chip data, Magnetic Stripe data and similar information. This is data that the card brands presently regulate and consider to be prohibited information.
TJX Breach News Continues
In a set of news releases last week, it was announced that TJX has settled lawsuits with 44 states related to their January announcement of a data breach. It was also made known that HarborOne Credit Union is charging TJX $590K to cover both monetary and reputational damage suffered by the credit union as a result of the data breach.
The compounding fines, lawsuits and penalties associated with this breach emphasize the need not only to ensure compliance with the PCI-DSS, but also to ensure that companies are not storing prohibited data, even unknowingly.

About The Aegenis Group
The Aegenis Group is dedicated to helping companies navigate the choppy waters of data security, information risk, and privacy regulation. The Aegenis Group believes that the ability to understand not just the regulatory mandates themselves, but their total impact on the business environment can act as a compelling tool for business enablement. From understanding the ways in which your products and services can protect sensitive data to making the right compliance decisions for your business environment, The Aegenis Group can assist your company in facing the risks associated with an increasingly complex landscape of the business world.
Sincerely, The Aegenis Group

Visa USA Releases VBR Addressing Level 4 Merchants
Visa USA is requiring acquiring banks to create and submit a plan by July 31, 2007 to address Level 4 Merchant Risk. For more information, please email us at info@aegenis.com.