PCI compliance woes

  Visa Inc. has reported that compliance with the Payment Card Industry Data Security Standard (PCI for short) "continued to grow" in 2007. Let's hope so. The deadline for major retailers to be compliant with the security specification was last September and mid-size merchants were told to be on board by the end of 2007. Still, 23% of the top-tier companies had failed to meet the deadline by the end of January and 38% of the second tier companies who accept credit cards were not meeting the standard. Visa has started fining companies as much as $25,000 per month to spur compliance. Ultimately, the company threatens to withdraw the merchants' right to accept Visa credit cards, though no one has been given that penalty yet.

Solidcore Systems Inc. in Cupertino, Calif. is shipping this week its S3 PCI Control Pro Edition for mid-size merchants and next week its S3 Starter Edition for smaller retailers. According to Bob Vieraitis, vice president of marketing, the software offers "continuous file integrity monitoring" of servers to assure that only authorized changes happen on the right machines at the right time per the PCI spec. The tools have complete audit trails for PCI verification purposes. The Pro Edition works with Windows, Linux, Unix and System i (AS/400) servers. The Starter Edition runs on Windows only. Pricing is on an annual subscription basis at $50 (Pro) and $25 (Starter).