Nixu's information security audits approved by Visa and MasterCard
Nixu, Helsinki 26.1.2006
Visa and MasterCard have approved Nixu as the first Finnish company qualified to perform the information security audits required from their clients. Starting from 2006, the requirement affects all Finnish companies that receive large numbers of payment card payments. The information security audit is conducted at vendors who receive more than 20.000 online payments annually, and at other companies involved in receiving, intermediating, storing, recording or gathering payment and transaction related information from other companies.
Visa, MasterCard and other large credit card companies expect that all companies that process payment transactions adhere to the new PCI DSS standard (Payment Card Industry Data Security Standard), which is used to direct the reception, processing, storing and mediation processes. The idea of the new standard is to prevent misuse and theft of any credit card information.
Adherence to PCI DSS standard will be supervised via independent audits conducted by third parties. Says Jonna Särs, Managing Consultant at Nixu: "At the very least, the audit includes a quarterly vulnerability assessment scan performed over the network. Any entity that processes more than million transactions per year is also required to conduct an annual on-site audit to ensure that both the technical as well as the administrative aspects of information security have been addressed appropriately."
The clients shall have the right to choose the information security auditor of their choice from a list of approved auditors published by Visa and MasterCard.
Demand for information security audits is growing rapidly
The demand for information security audits within the financial sector is growing rapidly. The surge has been caused by widely reported 'phishing' attempts that have been a menace to the general public.
The annual value of the Finnish information security audit market is estimated at ca. 11 million euros, and it is expected to continue to grow at 20% per year. Nixu has been performing security audits for more than 10 years, and they currently produce roughly one-fifth of Nixu's annual turnover. Nixu expects to increase its sales within this area through its involvement in credit card related information security audits.
The criteria for approved information security auditors are rigid and there are no Finnish competitors. Similar services are usually provided by the Big Five of the accounting, auditing and consulting industry. Says Timo Kotilainen, the CEO of Nixu: "Our strength lies in our experience from, and know-how of, the international finance sector combined with the recognition of the special needs and requirements of companies operating in Finland. Our existing information security clients within this sector include for example Sampo Bank, Banque Saudi Fransi and National Bank of Abu Dhabi".
For more information:
Managing Consultant - Jonna Särs
GSM +358 40 569 5505
jonna.sars@nixu.com
CEO - Timo Kotilainen
GSM +358 40 523 6582
timo.kotilainen@nixu.com
For further information about the PCI DSS standard, visit
http://www.luottokunta.fi/PCI/
Lists of approved information security auditors:
https://sdp.mastercardintl.com/vendors/vendor_listings.shtml
http://www.visaeurope.com/acceptingvisa/pdf/AIS_Qualified_Security_Assessors.pdf
Nixu is a leading expert in demanding information security and software development, which designs, sets up and tests the information security of networks, applications and systems. The group consists of Nixu Oy in Finland and Nixu Middle East FZ-LLC. The turnover of the group is about 6 million euros and it employs more than 60 people.