Network Appliance Inc. (Nasdaq: NTAP) and Decru Inc. today announced CardVault, an integrated security product to help merchants meet mandatory Payment Card Industry (PCI) security standards (see Decru, NetApp Sell PCI Security).
The news reflects big changes in storage security. It is no longer only the largest financial institutions and companies with government compliance regulations hanging over their heads. PCI standards come from the private sector rather than the government, and this particular implementation involves midsized and smaller companies.
Credit card companies MasterCard and Visa developed the PCI standards, which outline best practices for merchants to use in protecting stored credit card data.
The standards are now in effect. Companies failing to comply face fines to $500,000 and can be bounced from the card acceptance program. Online merchants with more than 600,000 credit card transactions per year already must be in compliance now. A deadline of June 30, 2005 has been set for companies termed Level 2 and Level 3 merchants, which includes anybody that clears at least 20,000 transactions per year. The standard will eventually apply to even smaller companies.
Decru isnt alone among security appliance vendors looking to cash in on the new standards. Other vendors, including NeoScale Systems Inc., Kasten Chase Applied Research Ltd., and Vormetric Inc., have features that allow companies to meet PCI standards. These include AES-256 encryption, the ability to encrypt transmission of card holder data across networks, and automatic key deletion that destroys cardholder data when it is no longer needed.
