PRESS RELEASE

WAKEFIELD, Mass., April 30, 2010 — Today, the PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced the launch of its Internal Security Assessor Program (ISA), offering PCI DSS training and certification for internal assessment staff at entities such as merchants, acquiring banks and processors. The three day course is designed to test and qualify in-house security personnel on how to validate and maintain ongoing PCI compliance within their organizations.

The first session will take place on May 19-21 in Sydney, Australia and will provide attendees with in-depth technical instruction for enhancing the quality, reliability, and consistency of an organization’s internal PCI DSS self-assessments, supporting the consistent and proper application of PCI DSS measures and controls and effectively facilitating external relationships with PCI SSC certified Qualified Security Assessors.

The course will be led by PCI Security Standards Council experts including Tim Hartzell, the lead PCI SSC standards trainer, who has more than 25 years of experience in the technology sector and training members of the payments community.

Development of the ISA program is a direct response to Participating Organization feedback on the need to improve educational opportunities for internal staff. When combined with the Standards and QSA training offerings, the ISA program strengthens the Council’s commitment to providing educational opportunities for all stakeholders across the payment ecosystem to increase payment security.

“People and processes continue to be integral in developing a strong security strategy and meeting PCI requirements,” said Bob Russo, general manager, PCI Security Standards Council. “With this new training offering, organizations have the chance to develop their own in-house PCI compliance experts, and with the many other tools and resources provided by the Council, can implement a stronger ongoing security process to better protect cardholder data.”

This ISA training session will be available in multiple locations throughout 2010, including at the Council’s forthcoming Community Meetings in Orlando and Barcelona. As registration opens, details will be made available on the Council’s website.

For More Information:

ISA certifications are renewable annually, and are valid while the certified ISA individual remains at an ISA validated company that has sponsored their attendance at the training. ISA Training attendees must be full time employees of an ISA Company. For more details, please see the Validation Requirements for Internal Security Assessors (ISAs) and sponsoring companies

https://www.pcisecuritystandards.org/pdfs/pci_internal_security_assessor_program-isa_validation_requirements.pdf.

To register, please review the details in the education section on the PCI SSC website at https://www.pcisecuritystandards.org/education/isa_training.shtml.

Attendance fees are:

Non-Participating Organization: $2,495 USD per person

Participating Organization: $1,495 USD per person

About the PCI Security Standards Council

The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security.

The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Transaction Security Requirements (PTS) and the Payment Application Data Security Standard