CyberSource Launches Payment Card Industry Security Compliance Service

Helps eCommerce merchants meet and exceed VisaŽ, MasterCardŽ data security requirements

MOUNTAIN VIEW, Calif. April 27, 2005 CyberSource Corporation (NASDAQ: CYBS) today announced the CyberSource PCI Compliance Service, a comprehensive assessment and readiness program for eCommerce merchants seeking full compliance with the Payment Card Industry Data Security Standard (PCI), the unified data security standard developed by Visa and MasterCard. Merchants welcomed the announcement of the standard last year instead of having to comply with several disparate programs, they could focus efforts on certifying to one core standard. But as the June 30 deadline for compliance approaches, a relatively small number of merchants are fully prepared. CyberSource`s new service is designed to help merchants meet the fast approaching deadline by applying its unique payment expertise, supporting not just simple compliance, but true payment security and operating efficiency.

According to David Glaser, director of professional services at CyberSource, "We estimate that if an audit were done on PCI compliance today, the majority of U.S. merchants would be about 30% prepared. Our goal with this program is to assist customers in their rapid attainment of full compliance, and to provide customization that takes them beyond the specification. The standard provides a good base for payment security, but every business has its own unique vulnerabilities that the audit standard cannot fully address. We apply our payment expertise and help merchants achieve true payment security not simply compliance."

Why should merchants certify?
Most merchants will be required by their acquiring bank to certify to the PCI program no later than June 30th, 2005. Merchants not PCI certified could face fines as high as $500,000 or be permanently barred from the card acceptance program. Certification is a proactive step by the card associations aimed at limiting the growing threat of cardholder information theft. For eCommerce merchants, cardholder security breaches can threaten the overall value of a business, seriously impacting customer and investor trust and loyalty long after the story has faded from the headlines.

CyberSource`s certification process with a payment emphasis
CyberSource is a payment solutions expert not just a security assurance vendor. Depending on a merchant`s eCommerce environment, standard PCI compliance may not be sufficient to achieve full payment security. "What we are offering is not a quick scan and audit," said Glaser, "but an education, a focus on operational readiness, and an operating methodology that results in true payment security. We serve as our customer`s trusted advisor in certification as it relates to payment solutions and security." eCommerce merchants will receive a solution that is PCI compliant, offers truly comprehensive payment security, and is payment operations-savvy. For more information on the CyberSource PCI Compliance Service, go to http://www.cybersource.com/pci.

Comprehensive services
The CyberSource service engagement focuses on a set of three proven readiness phases, followed by an independent audit. The readiness effort begins with compliance planning, carried out with all appropriate customer stakeholders. This stage is followed by a pre-assessment audit in which all affected systems, policies, and processes are reviewed and a detailed list of projects required to achieve compliance is compiled. Remediation then addresses those compliance gaps and concludes with a statement of audit readiness. At this point, CyberSource engages a third party for an independent compliance audit. Following compliance, CyberSource offers compliance maintenance services by managing quarterly vulnerability scans, assessing scan results, monitoring changes in PCI requirements and managing associated readiness efforts.

Audit integrity
CyberSource manages its customers` readiness efforts, but utilizes a separate vendor to validate the work done. This helps maximize the quality of the work and the customers` confidence in the audit. While the merchant is free to select any Qualified Security Assessor, CyberSource`s preferred auditor has extensive payment expertise. That way, both the remediation efforts and the certification of those efforts are conducted with an awareness of the special needs of payment operations.

Guide to E-Commerce Technology

Faster project completion
CyberSource`s industry-leading experience in eCommerce payment means the company has implemented solutions across a broad spectrum of industries and customer profiles. CyberSource has developed risk management and payment solutions in some of the world`s largest and best-known multi-channel retailers. This translates to confidence and speed of completion for any remediation efforts required to meet compliance, including compensating controls that may not be evident to firms lacking deep payment expertise.

CyberSource and security compliance
PCI compliance is one part of CyberSource`s comprehensive portfolio of risk and compliance management tools and services, all of which are designed to minimize merchant risk and maximize customer revenue and profit potential. These tools and services include fully managed risk services, decision management systems that automate fraud screening and order processing, systems to verify addresses and card numbers, support for cardholder identity programs sponsored by Visa and MasterCard, global tax calculation, and export compliance.

About CyberSource
CyberSource Corporation is a leading provider of electronic payment and risk management solutions. CyberSource solutions enable electronic payment processing for Web, call center/IVR, and POS environments and manage fraud risk associated with card-not-present transactions. CyberSource Professional Services designs, integrates, and optimizes enterprise-wide commerce transaction systems. Over 8,000 businesses use CyberSource solutions, including half the companies comprising the Dow Jones Industrial Average. The company is headquartered in Mountain View, California, and has sales and service offices in Japan, the United Kingdom, and other locations in the United States. For more information, please visit CyberSource`s web site at www.cybersource.com or email info@cybersource.com.

2005 CyberSource Corporation. All rights reserved. CyberSource is a registered trademark in the U.S. and other countries. All other brands and product names are trademarks or registered trademarks of their respective companies.