Now more than ever, consumers, legislators and law enforcement organizations expect payments application vendors to properly handle customer data. Of course, these companies have an obligation to shareholders to deliver bottom line results.
PABP compliance enables them to meet both objectives.
- Implementing best practices at the application level is the right thing to do.
- VISA US will list validated applications on the CISP website, providing a powerful market differentiator for payments application vendors.
How Does IP Commerce Make the Process Simpler?
- PABP-Oriented Development Tools
Commerce Toolkit for Applications includes best practices implementations of PABP including a PABP implementation guide (for registered users), meaning developers can focus on creating user experiences and business logic, while the Toolkit takes care of difficult-to-implement PABP-recommended functionality such as encryption key expiry and strong password enforcement.
- Expert Auditing
In addition to easing the development effort, use of Commerce Toolkit for Applications can also reduce the cost of an audit. Coalfire auditors are already intimately familiar with the PABP components built into Commerce Toolkit for Applications, making the code review process a great deal shorter than for solutions not built for the IP Commerce Platform.
- Portal-based Delivery to Reduce Cost, Time and Complexity
PABP Rapid Compliance is designed to minimize travel and other communication expenses. Secure document control is a feature of the Rapid Compliance Portal, and the validation materials provided by the software company are stored by Coalfire Systems, making subsequent audits progressively easier.
Remember, any merchant actively involved in a PCI compliance program will not select an application that is not PABP compliant.
- Alan Ferguson, Vice President, Coalfire Systems, Inc.
A Growing Problem
Application based security breaches are the fastest growing areas of cyber crime today and almost tripled from 2004 to 2005 and set new records in 2006. Current application security practices provide a rich and vulnerable target of unsecured data and sensitive credentials.
Our retail clients are finding one of their biggest compliance struggles is bringing their payment applications and supporting vendors into PCI compliance. Not one of our clients would purchase or renew with an application vendor that cannot demonstrate PABP compliance. Over the last two years, out of all the payment applications audited for PCI compliance at our merchants, fewer than 5% pass.
Most are storing customer card data unencrypted in log files or are sending sensitive credentials in the clear. Payment application vendors who can demonstrate security as their number one feature have a significant window of opportunity to capture market share in the retailing and e-payments arena, those that cannot will likely not be in business two years from now.
If you cannot demonstrate through transparent means how your platform meets the compliance and best practice requirements of PABP then customers will stop listening to any other product messages no matter how compelling the offering.
"Security surveys show 90% of customers say they blame their retailer, and 20% say they will take their business elsewhere if the data is compromised regardless of who is to blame. It is no wonder that retailers cannot afford to use application vendors and integrators that do not take security as their highest priority."
- Kennet Westby, CTO, Coalfire Systems, Inc.
A Complete Solution for Commerce-enabling & Certifying Applications
Coalfire Systems and IP Commerce have designed a program that combines leadership in Information Security auditing with powerful software tools, making the process of PABP compliance auditing more affordable, more manageable and more understandable.