GFI releases software suite for PCI DSS compliance

A software package aimed at helping companies meet the strict requirements and tight deadlines imposed by the Payment Card Industry Data Security Standards (PCI DSS) and comply with the majority of automated processes, required for compliance, has been launched by network security developer GFI Software.

The GFI PCI Suite provides a centralised management console through which systems administrators can deploy the PCI DSS enhanced versions of GFI EventsManager and GFI LANguard NSS - two solutions that are vital to network security and essential to meet the directives imposed by PCI DSS.

GFI EventsManager boosts PCI DSS compliancy efforts by alerting administrators on key events occurring on the network while GFI LANguard NSS allows IT professionals to identify network security weaknesses proactively and fix them before these are exploited.

Credit card fraud was the most common form of identity theft at 25 per cent of all reported occurrences in 2006, with more than US$48 billion lost by financial institutions and businesses in that year and $5 billion lost by individuals. E-commerce fraud is also on the rise, reaching $3 billion in 2006 with an increment of 7 per cent over 2005.

To reduce credit/debit card fraud, the five major card industries created a set of security best practices PCI DSS with which payment card industry businesses must comply. Merchants processing over six million credit card transactions must become PCI DSS compliant by September 30, while those processing between one and six million credit card transactions have until December 31.

Non-compliant companies are liable to various sanctions including hefty fines of up to $500,000 per security breach and restrictions on card processing privileges.

Specialised PCI suite

"The theft of over 45 million credit card details from TJX Inc. earlier this year has put increased pressure on companies that store, process or transmit cardholder data," Andre Muscat, director, Network Security Products at GFI said. "No company is immune to credit/debit card fraud, so they must protect cardholder data and become PCI DSS-compliant by the end of this year.

"To help companies speed up their compliance process we are providing them with a single, specialised PCI suite that will allow them to satisfy the majority of automatable requirements imposed by this industry directive."

Apart from log management and vulnerability management solutions, GFI's PCI Suite also ships with enhanced reporting mechanisms. The GFI EventsManager ReportPack has eight new reports specifically designed to provide more granular information on the activity of network users and components.

The GFI LANguard Network Security Scanner ReportPack features a new report that presents the status of antivirus solutions deployed on the network and new data filters, which provide even more granular control over the information presented in the reports.

Apart from the services and hands-on information provided in the GFI PCI Suite, companies buying the product will also benefit from a complimentary two-year Software Maintenance Agreement (SMA). The GFI PCI Suite is available for download from www.gfi.com/downloads/downloads.aspx?pid=pci&lid=en.

Clients who would like to buy this PCI DSS suite can do so through the authorised resellers listed on: www.gfi.com/pages/resellers.asp. For more information on the GFI PCI Suite and its components visit: www.gfi.com/pci/.