Boonbox
Pacific Coast Information Systems
700-1112 Pender Street West
Vancouver, BC V6E 2S1 Canada
+1 (604) 844-7558
www.boonbox.net
For Immediate Release
D-Day for Merchants Facing Credit Card Security Compliance
‘Businesses that fail to deploy web application protection open to heavy fines
VANCOUVER, CANADA – June 30, 2008 – Today is the deadline for businesses all over the world that process credit card transactions to protect their web applications from hackers and ID thieves. Merchants that fail to meet the Payment Card Industry Data Security Standard (PCI DSS) may face heavy fines of up to $500,000 levied by credit card companies.
“These web application security regulations that used to be best-practices are now mandatory and it’s going to catch a lot of businesses off-guard,” says Pacific Coast Information Systems Ltd. (PCIS) President Vaclav Vincalek, citing a recent NetIQ survey that showed just 23 per cent of surveyed businesses were PCI DSS compliant. “Businesses that fail to deploy web security auditing services like the innovative Boonbox tool, Devfense, and invest in web application firewalls from recognized experts simply aren’t security compliant.”
“The credit card companies have an incentive to be pretty heavy-handed in enforcing these rules. They know that if the majority of customers no longer feel safe in using credit cards because of lax security measures on the part of merchants, the business model of using credit cards for all kinds of purchases is put at risk. Meanwhile, customers have been suffering ID theft from poor corporate security for years – and they’ve had enough.”
The number of PCI DSS compliant businesses may be even lower than the number indicated in the NetIQ survey, Vincalek notes. “The Privacy Commissioner of Canada Jennifer Stoddart noted recently that most companies lack even basic privacy and security measures – so the situation may be even worse than anybody realizes.”
Up to 75 per cent of hacker attacks are targeting the web application layer, according to Gartner analysts. But typical IT security measures like firewalls and virus scanning software are not effective against cross site scripting and SQL injection attacks on websites and web applications, Vincalek notes.
“Companies that want to avoid fines and be confident about avoiding a security breach costing millions of dollars in legal bills and crisis management need to get PCI DSS compliant.”
Devfense is a web security audit tool from PCIS' Boonbox product line. Devfense scans web applications to help businesses ensure full compliance with a wide range of web security regulations, including PCI DSS. "The tools are already available for businesses that want to be secure," Vaclav says. "Businesses that use a web audit tool like Devfense may also take advantage of web security consulting to ensure vulnerabilities are closed to address the risk factor."
About Boonbox – www.boonbox.net
Boonbox, a division of PCIS, was created in 2007. Boonbox specializes in productivity solutions that deliver immediate results in support of business challenges. Partnered with world-class, market leading technology vendors, Boonbox enables mid-sized companies to address security, compliance and data integrity issues.
About PCIS – www.pcis.com
Pacific Coast Information Systems (PCIS) Ltd. is a full-service technology and consulting firm based in Vancouver. Founded in 1995 as a technology company providing application development and support, PCIS’s core business today is to provide technical assessment & services, business analysis, and I.T. project management. PCIS has proven expertise in networking, security, application development, portals and compliance.
###
Media Contacts:
Karen Chiang Jonathon Narvey
Boonbox Program Manager PCIS Boonbox Communications
Phone: +1 (604) 844-7558 Phone: +1 (604) 844-7558