VeriSign Achieves Three Industry Security Certifications

HostReview.com
Tuesday, April 26, 2005; 04:01 PM

VeriSign, Inc. (www.verisign.com), a provider of intelligent infrastructure services for the Internet and telecommunications networks, today announced that it has achieved compliance with three highly coveted industry certifications: The Visa Cardholder Information Security Program (CISP), MasterCard Site Data Protection (SDP) program and the American Institute of Certified Public Accountant's (AICPA) Statement of Auditing Standards #70 (SAS70). 

Each certification underscores a strong VeriSign commitment to making security a central focus of its development efforts and protecting the safety and integrity of customer data.

In today's global economy, service organizations and providers must demonstrate that they have adequate controls and safeguards in place when they host or process customer data.

To address these needs, both Visa, MasterCard and the AICPA have established standards to protect cardholder information in all organizations that store, process or transmit data.

"The extraordinary rise in online shopping has also precipitated fraud, hacking and other malicious activity.  For consumer confidence to remain intact, merchants, and their customers, need to know their information is safe and protected." said Trevor Healy, vice president, VeriSign Payment Services. 

As part of the certification process, VeriSign employed an independent, Visa-qualified, auditor to perform a thorough inspection of the VeriSign payment processing environment.

This process included an intensive review of the procedures VeriSign uses to classify, access, and store sensitive information.  In addition, VeriSign performed and in-depth analysis of network and system architecture, a complete assessment of IT policies and procedures, and an on-site inspection of physical data-center facilities.

Complying with MasterCard SDP involved a two-step process.  VeriSign completed a self-evaluation of its security procedures, with a detailed analysis of its Web infrastructure, to showcase VeriSign's compliance with MasterCard standards.  MasterCard then performed compliance testing, scanning VeriSign Payment Services solutions in a controlled environment to ascertain their viability.