SAN MATEO, CA, January 17, 2009 /24-7PressRelease/ -- Digital Resources Group (DRG), a leading provider of data security and compliance solutions, today announced that its Payment Card Industry Data Security Standard (PCI DSS) solution portfolio - a robust suite of products and services designed to help financial institutions, acquirers and merchants to respond to the pressing IT security challenges associated with PCI DSS - is now available in Latin America and Caribbean Region (LAC). DRG has successfully completed the PCI Security Standards Council (SSC) testing process and has been approved as a PCI Qualified Security Assessor (QSA) for LAC. DRG is also an Approved Scanning Vendor (ASV) and Payment Applications Qualified Security Assessor (PA-QSA) listed on the PCI SSC website. As deadlines for merchant's compliance near, DRG's solutions will help business discover, secure and control access to cardholder data - and ease the process of proving PCI DSS compliance.
The PCI Data Security Standard is a framework of best practice requirements for all organizations that store, process or transmit cardholder data. Developed by the major payment card brands, the PCI DSS is global in scope and applicable to business of all sizes - online and offline. In many regions including LAC, the PCI program is referred to as the Account Information Security (AIS) program. AIS and PCI are aimed at protecting cardholder information regardless of its location, ensuring that banks, merchants and service providers maintain the highest information security standards. The Standard covers a wide range of best practices, such as IT security policy, data encryption, user authentication, physical and logical access control, logging and reporting, application security and perimeter IT controls. More information on the council and the standard can be found at http://www.pcisecuritystandards.org.
"Companies in Latin America and Caribbean handling cardholder data now face tighter requirements for ensuring the security of that information. The challenges are significant - companies must understand where card data resides throughout the organization and use best practices to ensure this data - and access to it - is secure," said James Cowing, CISSP, QSA, PA-QSA and Managing Director of Digital Resources Group. "DRG is excited to have the opportunity to extend our PCI compliance solutions to the region so that we can help customers prove that they've taken the precautions necessary to protect their customer's confidential data, and that they're actively monitoring for unauthorized access."
Compliance with PCI DSS has been gaining momentum within the Latin America and Caribbean (LAC) region as major processors in numerous countries across the region have established deadlines for merchants to validate PCI/AIS compliance by the end of 2009. As of December 2008, the Nilson Report published the total volume of credit and debit card volume for the region at US $255.9 billion with the top 25 acquirers of the region processed 6.4 billion credit and debit card payments from 3.1 million active merchants in 2007.
DRG PCI DSS Solution Portfolio
DRG offers a full scope of PCI compliance programs to meet the individual needs of Level 1-4 Merchants, Service Providers, Third Party Providers, Data Storage Entities, Point-of-Sale Providers and Acquiring Institutions.
Onsite Assessments DRG provides onsite security assessments, PCI validation and self-assessment guidance services for Merchants and Service Providers to meet their initial and annual PCI compliance requirements.
Remediation DRG's depth of experience paired with its comprehensive remediation services offering helps companies implement effective risk reduction programs that are necessary to build and maintain a compliance program.
Network Scans DRG's fully automated vulnerability scanning service, SecureScanTM, provides merchants and service providers with a simple and cost-effective way to identify and remediate perimeter vulnerabilities as required by PCI DSS.
PA-DSS Validation By providing security testing and documentation review services for paument application software developers, DRG helps to ensure POS applications comply with PCI requirements.
Penetration Testing In accordance with PCI DSS requirement 11.3, DRG provides annual services utilizing a comprehensive set of tools for network and application layer penetration tests.
PIN Security DRG provides PIN security audits that meet the Visa PIN and ATM network TG-3 requirements. DRG can guide customers in the secure management processing and transmission of Personal Identification Number (PIN) data during online and offline payment card transactions processing at ATMs, and attended and unattended point of sale (POS) terminals.
DRG has established a regional partnership with Grupo de Recurso Digital, based in Santo Domingo, Dominican Republic, to provide a local presence to the region and facilitate account management. "We are excited to be collaborating with DRG to extend the reach of their PCI Solution portfolio within the Latin American region," said Rey Morgan, CEO of Grupo de Recurso Digital. "Grupo de Recurso Digital has had significant experience in providing services for enterprises looking to be compliant with PCI DSS in the region, and with DRG, we can leverage their vast experience with US and Global customers to help regional merchants, banks and others to better protect their customers' credit card data."
About Digital Resources Group
Digital Resources Group (DRG), http://www.drgsf.com, is an information security assessment and data protection organization with over ten years of experience delivering quality security, audit, risk and controls services to market leading companies. DRG, a Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV) and Payment Application Qualified Security Assessor (PA-QSA), is a leader in payment card industry (PCI) security validation and compliance services. Endorsed by industry card associations, as well as leaders from financial services, healthcare, telecommunications, and government agencies, many businesses rely on DRG for valuable security expertise. The company provides a range of consultation and technical security support solutions that provide high-quality, full-service security assessment, remediation, implementation, incident response and related support services to help organizations maneuver through the complex and changing security challenges and compliance requirements of various industry sectors.
About Grupo de Recurso Digital
Grupo de Recurso Digital S.A., http://www.compliantdr.com, founded in 2008 by three business executives with global experience in marketing, product development and manufacturing of payment terminals and applications in addition to over a decade of experience in business process and product development outsourcing. GRD provides strategic marketing planning and global business development to our strategic partners.
About Digital Resources Group (DRG)
DRG has a history of providing successful security solutions for its customers. Originally founded in 1997, by three former Wells Fargo employees responsible for information security, DRG pioneered the early evolution of security best practices for e-commerce. Focused on the financial services industry, DRG understood the concept of security best practices, and during the late 1990's was actively involved in assessing the security infrastructures for many new e-merchants just building their business on the internet. In September 2000, DRG elected to merge its business teams with Certicom, a publicly traded wireless security firm. Recently, due to the economic slowdown and diminished demand for wireless services, DRG has decided to spin-off from Certicom, and is once again providing for its customers, the same strong security assessment services it has all along under the separate entity DRG - Digital Resources Group. Unlike many larger firms who offer a security practice as well as numerous other consulting specialties, DRG is uniquely focused on the security marketplace. All our resources are committed to and focused on offering security services solutions to protect our customers.
# # #