Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:06 PM
Dark Reading
Dark Reading
Products and Releases

Aria Systems Achieves Highest Level Security Standard For Online Billing Transactions

Provider of on-demand subscription billing joins select list of level one PCI compliant companies

January 7, 2008 -Media, PA -- Aria Systems Inc., the leading provider of on-demand billing and customer lifecycle management, today announced that it has been approved by the Payment Card Industry (PCI) Security Standards Council as Level One PCI Compliant. This level of security certification is extremely rare in the Software-as-a Service (SaaS) space, and the achievement of the highest level of PCI Compliance certifies that Aria Systems provides its customers with an on-demand platform to manage SaaS billing transactions that adheres to the credit card industry's most stringent security measures. Aria Systems now joins a select group of PCI Level One Compliant companies that includes Intuit, Oracle, Google, NetSuite, and Microsoft.

Through the company's attainment of PCI Level One Compliance, Aria Systems' clients are assured that their end-to-end processes (and each component individually) are compliant, continuously. As such, unlike many companies that claim to offer PCI Compliance to their clients, Aria Systems' clients know they can rely on PCI Compliant processes in functions including:

* Registration

* User Self-Service (USS)

* Customer Relationship Management (CRM) tools

* Application Programming Interfaces (APIs)

Aria Systems' A+ Billing Platform is the first and only enterprise-class billing platform offered in a highly flexible Software-as-a Service based environment. Over the past six months, Aria Systems has rigorously updated its security standards while implementing new policies and procedures necessary for obtaining Level One PCI Compliance of its billing procedures. These new security measures will protect Aria Systems' customers against lost transactions and financial penalties generated from fraudulent activity or technical malfunctions such as:

* Credit Card Fraud

* Identity theft

* Breached & Insecure Networks

* Internet Viruses

In the billing space, Aria Systems is uniquely committed to comprehensive customer lifecycle management. A dimension of Aria's focus is the execution of contextual, appropriate-point-in-the-process communications and alerts with clients' customers, preemptively launched before any billing problems arise. Because being PCI compliant allows Aria Systems to securely store customer data, customers benefit through a unique waterfront of related value-adds that translate into direct cost savings, increased marketing, flexibility enabling revenue growth, and increased customer and revenue retention.

PCI mandates that all billing companies' processes, not just infrastructure, must be Level One PCI compliant. Merchants that do not comply with the PCI Data Security Standard (DSS) face monthly fines for noncompliance -- ranging from US$5,000 to $25,000. Beyond monetary fines, there are far greater costs associated with noncompliance such as lost reputation, damaged customer trust and loyalty, financial losses, lost business, lawsuits and other results of a breach. "Relative to PCI Compliance, there are layers of danger facing companies that handle customer financial and personal data. Many companies have a false sense of security, not realizing that when they work with a provider that is PCI Compliant, yet still commit behaviors like storing customer credit card information in their CRM tool, they are putting themselves and their customers at risk," said Ed Sullivan, CEO of Aria Systems. He added, "Even more alarming is that many companies don't understand at all the gravity and potentially catastrophic consequences of working with a non-PCI Compliant billing provider, or one with only a single component of its processes Compliant."

Sullivan notes, "Aria Systems is the only SaaS billing provider truly dedicated to the safety and security of our customers' transactions. And we have the certification to prove it." To maintain level one compliance, Aria Systems must adhere to annual third party audits and integrate regular upgrades into their security systems. To manage these audits, Aria Systems has partnered with Trustwave, a leading provider of on-demand data security and payment card industry compliance management solutions, to oversee penetration tests, manage code reviews and inspect firewalls.

"While we have always trusted Aria's commitment to the security of our data and billing transactions, their decision to spend the time and money associated with becoming level one PCI compliant adds even greater assurance and validity in their services," said John Miller, Managing Director and Principal of Decision Intelligence. "With so many threats posed to Internet transactions, it's important for any company that manages its billing with a third party vendor to insist that the company be level one PCI compliant."

The PCI Security Standards Council cannot prevent companies from claiming PCI Compliance (in fact many do), but only those that are named in the PCI Data Security Standard (PCI DSS) annual report are truly compliant. Companies that are unsure of whether or not their billing provider is PCI Level 1 compliant are urged to check the list of those companies that are certified as such, at http://usa.visa.com/merchants/risk_management/cisp_service_providers.html.

About Aria Systems Aria Systems is the leading provider of subscription billing solutions and offers the only "monetization platform" encompassing the full spectrum of Billing and Customer Lifecycle Management services. The "monetization platform" offers clients the on-demand billing industry's most flexible tool for accelerating revenue capture, optimizing cash flow, and enabling actionable market intelligence while significantly reducing operating costs throughout each phase of the customer lifecycle. Acknowledged as the SaaS billing leader in terms of experience and execution, Aria manages and maintains more than 1 million accounts and has processed more than 1 billion transactions since it began operations in 2003. With Hummer Winblad Venture Partners, Venrock, and software billing icon Dave Labuda as investors, the company is based in Media, Pa. (metropolitan Philadelphia), and has offices in the San Francisco bay area as well. For more information, visit www.ariasystems.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-16
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend...
PUBLISHED: 2021-04-16
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.
PUBLISHED: 2021-04-16
Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or ...
PUBLISHED: 2021-04-16
Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a se...
PUBLISHED: 2021-04-16
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS build 20210202 (and later) QT...