DerbySoft Selects Trustwave for PCI DSS Compliance Validation

Shanghai - 21 May 2009

DerbySoft, a Shanghai-headquartered technology company serving hotels and the hospitality industry, has selected Trustwave to provide Payment Card Industry Data Security Standard (PCI DSS) compliance validation services. Trustwave is the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world.

PCI DSS is the payment card industry security requirement for entities that store, process or transmit cardholder data, and has been endorsed by all the major card brands – Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB.

As a payment gateway provider for hotels and the hospitality industry, DerbySoft has engaged Trustwave to provide guidance on securing their payment environment and validating PCI DSS compliance. They have enrolled in Trustwave’s on-demand compliance management solution, TrustKeeper® to access the necessary tools to support on-going compliance such as quarterly network vulnerability scans. In addition, Trustwave will perform an internal penetration test to ensure adequate controls are properly in place for any person with access to the internal corporate LAN/WAN environment.

“Mis-configured internal networks lend themselves to external attacks,” says Feng Ou, CTO at DerbySoft. “We are working with Trustwave to secure our entire environment to prevent any malicious attacks and gain greater clarity into corporate vulnerabilities while also validating our compliance.”

“Trustwave has recently found that businesses in the hospitality industry share common security deficiencies that contribute to the compromise of payment card data, such as the storage of magnetic stripe data, weak passwords and insecure remote access applications,” says Robert J. McCullen, chairman and CEO of Trustwave. “DerbySoft is taking a great step differentiating itself as a provider of secure and compliant solutions. Users of their technology will rest assured knowing that DerbySoft understands the importance of payment card security.”

“DerbySoft is a leader and deserves recognition for their proactive approach to protecting cardholder data,” says Sophia Chen, director of Northern Asia Pacific for Trustwave. “Trustwave’s internal penetration test will provide their organization greater insight into their network environment, assessing each security layer and ensuring DerbySoft has implemented the proper security controls to protect themselves from external exploits.”

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development