Meeting the Compliance Requirements

Preventing fraudulent use of credit cards is a serious issue globally, as individuals and organisations continue to combat this worrying trend. In the underground Internet economy, credit card information is the most advertised item, with an expensive price tag attached that depends on the type of information, the rarity of the card type and whether the purchase is in bulk.

The Payment Card Industry Data Security Standard (PCI DSS) is a global, industry-imposed standard to “facilitate the broad adoption of consistent data security measures on a global basis” as well as to counter increasing payment card fraud. The PCI DSS involves anyone who deals with payment card data: the acquirer (who has the rights to issue credit cards), the merchant (accepting payment cards in person, via phone, online, etc.), the brand network (VISA, MasterCard, AMEX), the service provider (providing processing services), the issuer (with relations to the cardholder) and, most importantly, the cardholder.

Locally, the PCI DSS standards have been discussed among merchants for about three years and the target date for implementation has been reported to be the end of September 2010. Guidance and assessment for the standards are set out in 12 requirements (the Digital Dozen) and over 200 technical controls. Validation requirements differ by merchant level, with on-site assessments, self-assessment questionnaires and enforcement by payment card brands. Failure to comply will result in fines, suspension as well as loss of customer and partner confidence.
“Today, organisations are under increased pressure to reduce IT risks and meet regulatory requirements while simultaneously coping with limited resources and budgets. While working on meeting regulatory requirements, organisations should consolidate compliance initiatives across multiple regulations, standards, and jurisdictions to achieve substantial economies of scale and improve organisational effectiveness,” said Raymond Goh, Regional Technical Director, Systems Engineering and Customer Advisory Services, Asia South Region, Symantec.

Symantec has come up with a comprehensive solution for the PCI DSS combined with customised consulting services and market-leading technology. Symantec responds to emerging threats with timely alerts and recommendations, reduces the audit burden with continuous, automated testing and customised reporting, enhances capabilities with its world-class, QSA-certified security practitioners and reinforces employee responsibility with customised PCI training.

“Control Compliance Suite 10.0 is an integrated, automated solution designed to meet this challenge, allowing information security professionals to focus their efforts on driving positive business outcomes,” said Nigel Tan, Principal Consultant, Asia South Region, Symantec.