Aria Systems Achieves Highest Level Security Standard For Online Billing Transactions

Provider of on-demand subscription billing joins select list of level one PCI compliant companies

January 8, 2009


January 7, 2008 - Media, PA -- Aria Systems Inc., the leading provider of on-demand billing and customer lifecycle management, today announced that it has been approved by the Payment Card Industry (PCI) Security Standards Council as Level One PCI Compliant. This level of security certification is extremely rare in the Software-as-a-Service (SaaS) space, and the achievement of the highest level of PCI Compliance certifies that Aria Systems provides its customers with an on-demand platform to manage SaaS billing transactions that adheres to the credit card industry's most stringent security measures. Aria Systems now joins a select group of PCI Level One Compliant companies that includes Intuit, Oracle, Google, NetSuite, and Microsoft.

Through the company's attainment of PCI Level One Compliance, Aria Systems' clients are assured that their end-to-end processes (and each component individually) are compliant, continuously. As such, unlike many companies that claim to offer PCI Compliance to their clients, Aria Systems' clients know they can rely on PCI Compliant processes in functions including:

* Registration

* User Self-Service (USS)

* Customer Relationship Management (CRM) tools

* Application Programming Interfaces (APIs)

Aria Systems' A+ Billing Platform is the first and only enterprise-class billing platform offered in a highly flexible Software-as-a-Service based environment. Over the past six months, Aria Systems has rigorously updated its security standards while implementing new policies and procedures necessary for obtaining Level One PCI Compliance of its billing procedures. These new security measures will protect Aria Systems' customers against lost transactions and financial penalties generated from fraudulent activity or technical malfunctions such as:

* Credit Card Fraud

* Identity theft

* Breached & Insecure Networks

* Internet Viruses

In the billing space, Aria Systems is uniquely committed to comprehensive customer lifecycle management. A dimension of Aria's focus is the execution of contextual, appropriate-point-in-the-process communications and alerts with clients' customers, preemptively launched before any billing problems arise. Because being PCI compliant allows Aria Systems to securely store customer data, customers benefit through a unique waterfront of related value-adds that translate into direct cost savings, increased marketing, flexibility enabling revenue growth, and increased customer and revenue retention.

PCI mandates that all billing companies' processes, not just infrastructure, must be Level One PCI compliant. Merchants that do not comply with the PCI Data Security Standard (DSS) face monthly fines for noncompliance -- ranging from US$5,000 to $25,000. Beyond monetary fines, there are far greater costs associated with noncompliance such as lost reputation, damaged customer trust and loyalty, financial losses, lost business, lawsuits and other results of a breach. "Relative to PCI Compliance, there are layers of danger facing companies that handle customer financial and personal data. Many companies have a false sense of security, not realizing that when they work with a provider that is PCI Compliant, yet still commit behaviors like storing customer credit card information in their CRM tool, they are putting themselves and their customers at risk," said Ed Sullivan, CEO of Aria Systems. He added, "Even more alarming is that many companies don't understand at all the gravity and potentially catastrophic consequences of working with a non-PCI Compliant billing provider, or one with only a single component of its processes Compliant."

Sullivan notes, "Aria Systems is the only SaaS billing provider truly dedicated to the safety and security of our customers' transactions. And we have the certification to prove it." To maintain level one compliance, Aria Systems must adhere to annual third party audits and integrate regular upgrades into their security systems. To manage these audits, Aria Systems has partnered with Trustwave, a leading provider of on-demand data security and payment card industry compliance management solutions, to oversee penetration tests, manage code reviews and inspect firewalls.

"While we have always trusted Aria's commitment to the security of our data and billing transactions, their decision to spend the time and money associated with becoming level one PCI compliant adds even greater assurance and validity in their services," said John Miller, Managing Director and Principal of Decision Intelligence. "With so many threats posed to Internet transactions, it's important for any company that manages its billing with a third party vendor to insist that the company be level one PCI compliant."

The PCI Security Standards Council cannot prevent companies from claiming PCI Compliance (in fact many do), but only those that are named in the PCI Data Security Standard (PCI DSS) annual report are truly compliant. Companies that are unsure of whether or not their billing provider is PCI Level 1 compliant are urged to check the list of those companies that are certified as such, at

About Aria Systems

Aria Systems is the leading provider of subscription billing solutions and offers the only "monetization platform" encompassing the full spectrum of Billing and Customer Lifecycle Management services. The "monetization platform" offers clients the on-demand billing industry's most flexible tool for accelerating revenue capture, optimizing cash flow, and enabling actionable market intelligence while significantly reducing operating costs throughout each phase of the customer lifecycle. Acknowledged as the SaaS billing leader in terms of experience and execution, Aria manages and maintains more than 1 million accounts and has processed more than 1 billion transactions since it began operations in 2003. With Hummer Winblad Venture Partners, Venrock, and software billing icon Dave Labuda as investors, the company is based in Media, Pa. (metropolitan Philadelphia), and has offices in the San Francisco bay area as well. For more information, visit
