SAN BRUNO, Calif. -- IronPort® Systems, a Cisco business unit and a leading provider of enterprise spam, virus and spyware protection, today announced the introduction of fully-integrated Payment Card Industry (PCI) Data Security Standards compliance for email. The new functionality is included in IronPort’s AsyncOS™ operating system, which powers IronPort’s existing and new, purpose-built email security appliances for retailers and other organizations that handle credit and debit card transactions. The introduction of this functionality into the new IronPort C150™ and IronPort C350™ email security appliances gives small to medium-sized businesses a single, fully-integrated solution that combines traditional email security functions (like spam and virus filtering) with work-flow based functions (such as policy creation, content scanning, and message encryption, quarantining and/or archiving).

“IronPort delivers a PCI solution that is directly incorporated in our existing email security appliances,“ said Tom Gillis, Vice President of Marketing for IronPort. “The latest reports from Visa show that thirty-five percent of retailers that are not PCI compliant, despite the September deadline and fines of $25,000 per month for non-compliance. The next largest retailers, level 2 merchants worldwide, have a December deadline and are increasingly focused on becoming compliant. The good news is that IronPort's appliances can prevent PCI violations while also stopping more than 99 percent of all unwanted email, resulting in the ultimate compliant, spam-free user experience."

PCI Compliance Requirements and Effects on Retailers PCI mandates that customers provide a secure transmission medium for sensitive cardholder information and maintain a vulnerability management program. Anti-virus programs must be used, regularly updated and capable of detecting, removing and protecting against all forms of malicious software. Companies who are not PCI compliant are subject to fines up to $500,000 per incident, greater scrutiny and additional penalties - including revoking the ability to process their debit and credit cards. In addition to fines and penalties, non-compliant companies are subject to related public disclosure regulations (causing a loss of customer trust and brand equity), which could lead to lower revenues and shareholder revenues. As a result, retailers and other organizations that handle cardholder information around the world are particularly focused on rapidly deploying a solution to address PCI compliance.

“Retailers and other high-volume debit and credit card merchants, issuers, and information-based organizations worldwide face the complex task of securing personal cardholder information. These complex regulations often require wholesale changes to internal and externally-facing security practices,” said Brian Burke, Director, Secure Content and Threat Management for IDC. “Retailers and other organizations need to comply to protect their customers and protect themselves and their brand. Small and medium-sized businesses are in special need of security in an easy to deploy solution that they can manage with minimal resources. IronPort provides this with email security appliances that meet PCI compliance requirements in an easy to administer, transparent manner.”

IronPort Systems