New Service Puts Visa and MasterCard’s Security Standards Within Reach of All Merchants

ScanAlert’s Affordable Self Service Security Program Enables All Merchants to Meet CISP and SDP Requirements

Napa, CA November 30, 2004 – Priced far below competing offerings from other IT security vendors, SELF SERVE COMPLIANCE is a new low-cost service that enables online merchants to meet the vulnerability audit requirements for all levels of Visa’s Cardholder Information Security Program (CISP), as well as MasterCard’s Site Data Protection (SDP) standard. Starting at just $79 per year, SELF SERVE COMPLIANCE is available from ScanAlert, an approved MasterCard SDP assessor.

By putting the new requirements of Visa’s CISP and MasterCard’s SDP security programs within financial reach of even the smallest merchant, SELF SERVE COMPLIANCE enables organizations of all sizes to meet the rapidly approaching deadlines for satisfying Visa and MasterCard’s security standards. Merchants who process over 500,000 Visa transactions annually have a March 31, 2005 deadline to meet Visa’s CISP Level 2 deadline, while merchants processing over $125,000 in monthly MasterCard transactions must become compliant with SDP requirements by June 2005. ScanAlert estimates these deadlines will affect tens of thousands of online merchants.

“The theft of credit card information from web sites has become so rampant that Visa and MasterCard took steps to require virtually all online merchants to pass security standards. Our response is an easy-to-use and low cost service that meets the real-world needs of the vast majority of the Internet retailing universe," said ScanAlert CEO Ken Leonard. “ScanAlert’s SELF SERVE COMPLIANCE ensures that every organization–whatever its size or location–will be able to secure its web site and satisfy the new security requirements of all major credit card associations.”

“These new security requirements are designed to stem the flow of stolen data into the hands of criminals,” added Ben Goretsky, President, USA ePay. “ScanAlert’s SELF SERVE COMPLIANCE is a cost-effective, single source answer to meet the requirements of all credit card companies. It’s ideal for the small business market which either ignores the importance of, or lacks the ability to effectively secure ecommerce web sites against hackers.”

About Visa CISP and MasterCard SDP
The Visa CISP and MasterCard SDP initiatives are designed to reduce the vulnerabilities on merchant web sites through regularly scheduled security scans as well as security self-audits. Both programs are offered to merchants through the card associations’ acquiring members, with the desired result of each program being sites that are hardened against hacker break-ins.

SELF SERVE COMPLIANCE Features
SELF SERVE COMPLIANCE is a complete security auditing program with a breadth of features that go well beyond the vulnerability scanning requirements of both SDP and CISP. A comprehensive security tool, the service includes:

IRCE 2008 Conference Multi-Media CD-ROM

• Access to ScanAlert’s web-based Vulnerability Management Portal
• Scheduled quarterly automated vulnerability scans
• Unlimited on-demand manual scans to re-test systems whenever needed
• Detailed instructions to patch all vulnerabilities found during scans
• Online tutorials to help understand and prepare security self-assessment forms
• Preparation of the Report on Compliance (ROC) documentation for submission to an online merchant’s acquiring bank

How to Become Compliant with SELF SERVE COMPLIANCE
SELF SERVE COMPLIANCE does not require any hardware or software installation. The starting price of $79 per year covers up to six domain names or IP addresses. Each additional domain or IP address costs $25 per year. Domain names that resolve to multiple IP addresses will be charged separately for each IP address. Although the online tutorials are comprehensive, SELF SERVE COMPLIANCE does not include technical support, which is available at an additional cost from ScanAlert. A typical technical support scenario would be contacting ScanAlert to discuss how to patch systems.

For more information, or to sign up online, please visit www.scanalert.com/compliance

About USAePay
USA ePay is a full-service ECI and Retail certified payment gateway which supports the First Data Nashville and Vital PS platforms. USA ePay, along with being Visa USA CISP compliant, supports the Verified by Visa program. The USA ePay gateway also carries the basic features of Address Verification System, CVV2 and CVC, Recurring Billing and a free developer’s library on their website. For more information, please visit www.usaepay.com or call 866.USA.EPAY.

About ScanAlert
Headquartered in Napa, CA, ScanAlert conducts rigorous daily security audits that make web sites secure from hackers and then certifies it to their customers with a HACKER SAFE® certification mark. HACKER SAFE certification protects millions of shoppers every day on tens of thousands of retail ecommerce web sites. The certification mark indicates that these sites are compliant with the highest federal and industry web site security standards. For more information, please visit www.scanalert.com.