Archive for September, 2007

PCI Blog - Compliance Series: Part Three

Friday, September 14th, 2007

In the first two blog posts we identified the Payment Card Industry Data Security Standard, who needs to comply, why, and how to get information. My search for PCI information has led me to numerous news pages and blogs, and recently I discovered several podcasts which all touch on the subject, feature industry experts or offer advice.

Many vendors are positioning their products as compliance offerings, but when should you focus on fine-tuning your existing architecture and when is it time to buy? And when it is time, what should you keep in mind?

This podcast will count down the top five questions that you should ask when preparing to make a compliance-related purchase. [SearchCIO]

The “Top 5 Questions to Ask When Shopping for Compliance Products” podcast asks:

  • What areas of compliance does the product help to address and what successes have customers had with the product?
  • Does the product scale?
  • Can the product be secure?
  • How does it integrate with other products and activities?
  • How much work and time will it take for the organization to realize the benefits of the product?

Another podcast series, ‘Speaking of Security’, mostly features computer security but has special episodes focusing on PCI.

Speaking of PCI. This podcast focuses on the Payment Card Industry Data Security Standard: what it is and how it’s driving companies to adopt lifecycle information-centric security strategies to comply with other regulations and to implement industry best practices in terms of Enterprise Data Protection. [RSAPodcast]

Gartner Voice - ‘a podcast for business and IT professionals’ - also offers up some helpful tips on compliance in an episode from April 2006.

The Payment Card Industry (PCI) Data Security Standard was created in 2001 yet the card-accepting industry still struggles to demonstrate compliance with it, let alone protect cardholder data in many cases. Learn what steps your organization can take to cope with the growing need for compliance.

And finally, I found this link via the Forbes website - Configuresoft’s Sound Advice podcast series titled, “PCI DSS State of the Union.”

In the first podcast of a three part series, Chris Farrow, director of Configuresoft’s Center for Policy and Compliance and Co-founder of the PCI Security Vendor Alliance, provides an overview of the current state of PCI DSS compliance in the enterprise: what’s working, what’s not and where the standard is heading. [Forbes][ConfiguresoftPodcast]

No matter the size of your company or the number of transactions processed, this standard will affect all merchants who accept credit or debit cards in any way, shape or form. Feel free to share thoughts, links and ideas for the next installment of this PCI blog series, which will touch on implementation, in the comments section below.

For more information from E-xact about PCI DSS, keep an eye on our PCI Blog or visit our About Page for links and information.

E-xact Transactions Ltd. has been fully compliant with the industry since 2004.
[About - E-xact]


E-xact Sponsors Vancouver Ruby & Rails Meetup Group

Wednesday, September 12th, 2007

E-xact Transactions Ltd. is pleased to announce its sponsorship of the Vancouver Ruby/Rails Group, covering their Meetup.com fees until April 2008.

The Vancouver Ruby/Rails Group organizes monthly meetups and offers a forum for Ruby/Rails users in and around Vancouver to connect and to discuss, share and extend their knowledge on all things Ruby and Rails.

The group offers a forum for discussion, a job board and a place to network with other local Rails & Ruby professionals and enthusiasts. E-xact’s new Realtime Payment Manager application, RPM, is built using Ruby on Rails, a web framework that focuses on bringing speed and ease to database-driven sites.

Ruby on Rails is an open source web framework that’s optimized for programmer happiness and sustainable productivity. It lets you write beautiful code by favouring convention over configuration.

E-xact is excited to be a part of the local Ruby community, and to be able to support its events. We are also currently looking for a Ruby Designer/Developer to join us in our new office space in Yaletown. The job listing can be found in the Careers section of our website, E-xact.com.

PCI Blog - Compliance Series: Part Two

Friday, September 7th, 2007

Throughout the coming weeks we’ll be featuring articles and information regarding PCI compliance, in an effort to educate merchants and acquirers about this standard. You can subscribe to all of E-xact’s blog posts using the “PCI” category or keep an eye on our PCI Blog for links and information.

As the PCI deadline approaches, merchants are finding out just what it takes to become compliant and more importantly, how crucial it is to be a part of this movement.

Visa USA recently announced that 96 percent of the largest businesses[1] that accept Visa cards for payment have confirmed they are not storing sensitive account data. Storing prohibited account data including security codes and PINs violates Visa rules and increases a business’ risk by making it a target for hackers. [RetailSolutionsOnline]

The other morning I sat in on a webcast sponsored by Information Week entitled: PCI Compliance for Data in Motion - How to protect payment card data transmitted via email and file transfer. There are so many aspects to PCI Compliance it’s difficult to hone in on what directly applies to your company. The first step is recognizing how important it is to be secure, and for a basic example I’ll share the results of an online interactive poll from the webcast.


According to results from participants on the call, 83% had “No Idea”, 10% used “Spot Checks”, and “Standard IT Reports” happen about 6.7% of the time. The call leader, Dan Maier, the Sr. Director of Product Marketing with Tumbleweed Communications, was not surprised by these results, as many companies are unaware of the sensitive content that might be moving through their email stream.


You can download Tumbleweed’s Whitepaper on PCI compliance for more information about the presenters of the webcast.

During the question and answer session a caller asked how their start-up company can figure out the process for accepting credit cards, and what is the first thing they should be doing.

Mr. Maier suggested right away that they go and find an experienced payment gateway company. Payment gateways such as E-xact can help set up particular systems for managing credit card processing. Start-ups (along with established businesses) also need to learn how to manage and store credit card information securely. Better yet, E-xact can assist with compliance in this manner: using RPM ensures the non-storage of data on company systems.

For more information, there are dozens of PCI blogs out there and we’d like nothing more than to pass on that information. Links and tips we find about PCI in the news are shared and posted on our “Newsroom” page under our “PCI” del.icio.us links in the sidebar. Should you come across a PCI blog or news article, feel free to send it our way on del.icio.us, if you have an account. Simply tag the story “for:ExactTransactions”.

Our most recently bookmarked link is an entry entitled ‘How to Become PCI Compliant’. It features basic PCI facts, outlining the different levels of compliance for various tiers of businesses, merchants and providers.


E-xact customers and those inquiring about using E-xact as a secure payment gateway should know that we have been compliant with the industry for several years.

“We’ve been doing security audits since 2003 and this year’s audit was the most detailed yet. It’s great to see the industry recognize our efforts in treating data security as a critical priority within our organization,” Peter Fahlman, President. [News Release, May 2007]

Processing your payments through E-xact ensures that data is not being stored on our systems, and your transaction information is safe and secure. You can view our listing on Visa’s list of compliant service providers or read Mastercard’s PCI Manual for more information.

Archive audio for the webcast mentioned in this blog post is available here

Realtime Payment Manager RPM Takes Over Full Time

Wednesday, September 5th, 2007

As of September 5th, 2007 the old login for Member Services (https://secure.e-xact.com) will be discontinued.

This has been replaced with https://pos.e-xact.com, which is the address for our exciting new Realtime Payment Manager - RPM.


By bookmarking, saving, and logging into the application using the new URL you will have full access to RPM and all of its features including Point of Sale, Batches, Reports, Searches and Terminal/User Administration.

Existing customers: Your credentials have not changed; simply log in to begin your daily payment processing tasks. To learn more about the new tools offered in RPM, visit the RPM information page.

You may also view highlights and new features offered in RPM on one of our screencast demos.

New and potential users: To help spread the word about what RPM could be doing for your business, we invite you to try a free demo account.

Take RPM for a test drive to find out exactly how our fast, secure and reliable payment application can work for you. Click on the “Free Trial” button at the top of our home page to sign up.

Learn more about what RPM can do for you and your business by browsing our RPM page, or visiting our website regularly for all news and updates.

News Release: E-xact Introduces Its Realtime Payment Manager Application, RPM

Tuesday, September 4th, 2007

Vancouver, BC – September 4, 2007 - E-xact Transactions Ltd. (TSX VENTURE:EXZ) (www.e-xact.com), a leading provider of secure payment gateway solutions, is pleased to introduce RPM, the next generation of Realtime Payment Management.

Developed using the latest Web 2.0 technologies, including the highly advanced Rails platform (www.rubyonrails.com), RPM offers a suite of tools for managing online payment operations that are as powerful and rich as they are simple and intuitive.

With RPM you can conduct transactions at any time of day, from just about anywhere, and without having to wrestle with complicated software. Using only a web browser, merchants can log onto their own secure, online account and process or manage transactions in real time with RPM’s suite of payment solutions. Complete with a full set of customization options RPM also includes a comprehensive reporting package, email notifications and a concise history of your transactions, available through a flexible search interface.

Peter Fahlman, President of E-xact states, “With RPM, our customers can truly benefit from an easy to use payment portal while simultaneously providing a secure storage repository for all their payment data.”

The release of RPM marks the Company’s successful transition to a simpler and more secure architecture for its online payment solutions.

Visit www.e-xact.com for more details and to sign up for your own account to take RPM for a test-drive.

“Peter Fahlman”

Peter Fahlman, President

About E-xact Transactions Ltd.

E-xact is a fully PCI compliant provider of fast and secure online transaction solutions. Since 1998, we have been at the forefront of the emerging world of online exchange, with solid and secure transaction processing systems and superb customer service. E-xact specializes in real-time, secure movement of financial information through IP-based point of sale interfaces, providing quick, easy and affordable transaction solutions for merchants and corporate businesses.

The statements which are not historical facts contained in this release are forward-looking statements that involve risks and uncertainties. E-xact Transactions Ltd.’s actual results could differ materially from those expressed or implied by such forward-looking statements. Factors that could cause or contribute to such differences include but are not limited to competition, general economic conditions, currency fluctuations and other risks detailed in the Company’s filings with the Canadian securities regulatory authorities. The TSX Venture Exchange has not reviewed and does not accept responsibility for the adequacy or accuracy of this release.


