Standard PCI DSS information security of payment cards

Problem introduction

The problem of protecting confidential information from unauthorized access is one of the most topical. At the same time the efforts of black hackers are increasingly directed to the theft of confidential data cardholders. In recent years all over the world, acts of so-called karderskih crime, accompanied by the data being compromised card holders and then use the information received to commit fraud.

On the positive side of this situation lies in the fact that the information provided by the security standards payment card industry (PCI Security Standards Council) 1 October 2008 a new version of the standard PCI DSS - version 1.2 - does not provide for the imposition of any significant new requirements in addition to the existing twelve, acting initially. It should be noted that the issuance of a revised version of the PCI DSS implemented in full accordance with the originally agreed process life cycle of the Standard, which provides for its review and update periodically once in two years. As the PCI Security Standards Council, the main changes in version 1.2 are the clarifications and comments to the existing requirements.

Data Security Standard Payment Card Industry (PCI DSS) was developed by international payment systems themes of American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. in 2004 as a single set of requirements for data security, has combined the requirements of a number of programs for the safety of these payment systems. The purpose of this standard is to protect the data of cardholders and preventing card fraud by improving security in the industry as a whole. Action PCI DSS applies to all trade and service enterprises, processing centers, credit and financial organizations and service providers who work with international payment systems, ie any company or entity that transmits, processes and stores sensitive data cardholders.

September 7, 2006 Payment Systems American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa International issued a joint declaration establishing the independent Council on Security Standards (PCI Security Standards Council), the main activity of which was coordinating the devel ¬ formulation and development of PCI DSS.

According to experts, this event became a milestone in the activities of payment systems for the protection of data cardholders, exclusively emphasizing the importance of this problem on a global scale. Creating an independent Board to work on a security standard PCI, its founders are developing the system, the most accessible and ef ¬ serve as effective for all participants in the payment process, including trade and service enterprises ¬ WIDE, processing cents ¬ ture and financial organizations.

The Council acts as an advisory group and provides the overall development of safety standards PCI. Each member of this structure has the opportunity to suggest changes, contribute to future projects, participate in developing amendments to the standards of safety, as well as to influence the activities of the organization as a whole. In addition, participating organizations have the right to elect and be elected in consultation ¬ cess in body of the security standards PCI.

Among the challenges facing the Council - to develop and strengthen a global standard security technology to protect data about the card holder, reducing costs and timing of the introduction of data security standard by establishing common technical standards and verification procedures for all payment systems, as well as creating a database of qualified developers of security solutions.

The new structure started with the adoption of information security standards PCI Data Security Stan ¬ dard v. 1.1, aimed at determining the level of security information on the card holder, as well as the formation of recommendations for retail and service businesses, manufacturers and ¬ tributors of software solutions and terminal equipment on the measures needed to improve IP protection ¬ polzuemogo software.

Developed standard is a list of requirements for safety management systems, network infrastructure, policies, procedures, software development and other measures of data protection of holders of bank cards. The requirements defined in the standard, designed to perform primarily financial institutions, trading companies and service providers that store, transmit or process the data of cardholders in the course of everyday activities.

Thus each payment system is still responsible for the introduction of its own standardized programs in this area.

The main objects of the standard PCI DSS are:

• network infrastructure;
• means of physical security;
• IT infrastructure;
• application software;
• internal policies and procedures.

Despite the fact that the standard makes all the structures, working with international payment systems, very high demands, costs for which you have to bear most market participants, the benefits of industry participants to ensure compliance with PCI DSS are undeniable.

The increased risk of compromised data card holders and cases of hacking systems, working with maps, requires more stringent controls to protect confidential data of cardholders. If we talk only about the most challenging crimes in the card industry in recent years, can result in a very long list "of successful initiatives" cyber criminals. Thus, in 2005, the U.S. processing company Card System Solutions announced criminals compromise confidential data for more than 40 million cardholders. In January 2007, hackers gained access to the data of approximately 100 million cards company TJX, operator of discount networks, TJ Maxx in the U.S. and TK Maxx in Europe. Even relatively recently, in the past, in 2008, more than 12 million customers affected by the breach of security policy in the Bank of New York Mellon, which resulted in compromised confidential data of cardholders, including details of the documents of social security, name , address and date of birth . Today, having learned from bitter experience, the bank carefully reviews its security policies and procedures, as well as taking the necessary steps to ensure that the introduction of industry-leading security measures in all areas of their business.

March 23, 2009 giant card payment system - the company Visa - struck a blow to public companies Heartland (Heartland), a leading system of debit and credit payments the United States, removing it from its list of service providers of electronic payments, which comply with safety standard Payment Card Industry - PCI DSS. Organizations providing services to electronic payments, the relevant rules of this standard are required to protect confidential information, holders of bank cards, as well as to combat theft of personal data and fraud.

The company Visa has questioned the line system of protection payments Heartland PCI DSS compliance after the system was hacked in late 2008, stating that no commercial organization to meet the standards of payment systems, has still not been compromised.

January 20, 2009 Visa and MasterCard told the public about the discovery of suspicious activity around the transactions on bank cards. Heartland Company explained that in late 2008 in their system was discovered by a virus. Compromised data included information on the card number, expiry date maps and other data that are read from the magnetic strip bank cards. In some cases, the names of holders of debit and credit cards Heartland Network, which in the US, there are 250000.
Heartland did not disclose the extent of leakage, but the management of the company described it as one of the largest in history. Across the country, banks have responded quickly and began to send cards to replace, and also advised customers to closely monitor their accounts.

Trust cardholders to various companies and organizations with access to their personal information, which, in fact, rests the success on the international payment systems around the world were noticeably shaken by these incidents of breach of security, high-profile in all regions. Thus, in order to increase the level of confidence of end users, today it is vital to ensure that the standard PCI DSS. Minimizing the possibility of violations of security policy system and the leakage of confidential data will restore the confidence of cardholders and at the same time will help to avoid huge losses that may result from such violations, not to mention the often irreparable damage to the reputation of any market participant.

What are the advantages of the successful certification of compliance with the requirements of the standard PCI DSS?

For business in general is: prevent sanctions by the payment systems;
- obtain an international certificate in information security, which affects the improvement of company image and brand for quotes on world markets;
prevention of incidents of information security and as a result of reducing the potential losses to business; improve customer trust and loyalty to the Company;
improving the image of the Company on both the local and international level;
increased "transparency" the company information system for management and as a result of increased manageability of information security of the Company;
improving the effectiveness of the Company's employees; culture change in the direction of understanding the issues of information security, particularly in dealing with personal information cardholders; raising the overall level of data protection, which the company operates; reducing threats to the company's business processes; receipt by a new competitive advantage, not only to demonstrate their competence in information security, but also the fact that companies are concerned about data security of its customers.

For units of information technology is: receive an international certificate in information security as a confirmation of competence and level of information security company; improving reliability and manageability of information security;
obtaining additional tools to manage, control and monitoring information systems company; reducing possible security risks associated with personal information cardholders; increased transparency of all processes of information security systems company; obtaining a comprehensive plan (portfolio) vulnerabilities and reduce information risk; vulnerabilities of information systems company; awareness of company personnel in information security, which is a prerequisite for the introduction of effective information security policy in the company; improve security of information during its processing and distribution; regulation of the Company's employees access to information on cardholders; effective management of staff as the IT departments, and improving communications with the service information security.

For customers / users of IT services are: operations with personal information cardholders become more secure; significantly improves the protection of personal information storage cardholders; dramatically reduces the risk of discrediting personal information cardholders; increases overall efficiency and reliability of the information security system company.

Thus, the passage of the complex steps to meet requirements of PCI DSS will allow the customer to receive the following benefits:

• Increase the confidence of customers, partners, contractors, business owners;
• Obtaining a certificate as a guarantee of international recognition;
• Transparency and clarity of business to customers, partners and the law;
• Reducing the risk of compromising sensitive information

So what we have achieved so far? How active and successful banks are now certified as compliant with PCI DSS?

Let's start with the fact that in different regions of the current situation can vary greatly. For example, in the United States, this process was accelerated by the threat of heavy fines and legal sanctions that apply in the case of the data being compromised card holders.

In Europe, where the relevant aspects of the legislation is not so developed, progress is slower. It is currently in the European Union, members of international payment systems ¬ GOVERNMENTAL perform audits of their systems to bring them into compliance with PCI DSS on a voluntary basis. However, in the future, most likely, they will have to act not only on its own initiative, but also under the influence of a coercive nature.

In turn, in the CIS region considerably ¬ quantity required of banks, including Russia's credit institutions, has already concluded an agreement with the Qualified Security Assessors (QSA), and now they are gradually moving towards the standard.
According to the requirements of international payment systems, all companies and organizations that transmit, process or store confidential data of cardholders, must undergo an audit for compliance with PCI DSS. It is obvious that such an audit can be performed only company of certified payment systems for such activities.
A striking example here is Sysnet, working in the information security market since 1989 and having the status of PCI Qualified Security Assessor since 2005, ie from the very beginning of his actions. Currently Sysnet is the lead partner for banks in the Ukrainian market and rapidly expanded its activities to other countries in the CIS region.

So, what attracts the company Sys ¬ net in the CIS region? We are proud to provide our clients with highly customized solutions tailored to the specific challenges faced by our customers. We provide customers with professional unbiased advice and service support, which enables them to achieve compliance with the standard PCI DSS. What distinguishes the company Sysnet from most of its competitors? First is the existence of our company's certificate of accreditation services for the international standard ISO 27001. We are an "independent provider", not related to any specific vendors or other interested entities. Thus, if the company identified the problem area in the security policy of a particular customer, then we have the opportunity impartial practical advice for the most effective solution to a problem. For example, it is clear that the structures that have already begun the process of certification for compliance with requirements of PCI DSS, are on the right path, but what about those who have not taken real steps in this direction? Not if they lost time? Most banks have already started to at least contact the QSA for assistance in achieving compliance with the standard. But for those who have not yet done, now is not too late to embark on such initiatives. Depending on the already existing level of practical compliance with the standard one or other structure can prepare for the audit of PCI DSS at least three months. If, however, require significant infrastructure changes, you may need 1-2 years or even longer. In general, as practice shows, the larger the organization and the more long time it was created, the more it needs time to implement necessary changes to ensure compliance with the Standard.

So, if we talk about Acquiring Banks, they must not only ensure their own compliance with PCI DSS, but also have an additional responsibility for ensuring that work in this direction of its merchant in accordance with the requirement of payment systems. In the exercise of that process credit and financial institu ¬ Niya payment systems are required to report on the status of your merchant in the format required by each of them.

For further information, please visit our website at www.sysnetglobalsolutions.com

Dublin Company Sysnet Invests €1.27m in Major Expansion with Enterprise Ireland Support

November 03, 2009, Dublin, Ireland

Tánaiste Announces 60 New High Value Jobs

The Tánaiste and Minister for Enterprise, Trade and Employment Mary Coughlan T.D. today announced that Dublin information security consultancy and services company Sysnet is to invest €1.27m in a major expansion programme with support from Enterprise Ireland. The expansion will see Sysnet create 60 new jobs over the next four years.

The investment will position Sysnet to expand its export footprint and meet opportunities in emerging markets, such as the Ukraine, Russia, the Middle East and Africa. The investment is being supported through Enterprise Ireland’s Growth fund which promotes the expansion of internationally trading companies through investments in staff, equipment and technology to increase competitiveness and encourage new exports.

Sysnet was established in 1989 as an open systems information technology company and in recent years has diversified into the payment card data security market developing Securus – a unique online compliance product for international banks and other organisations handling payment card data.

Making the announcement the Tánaiste said: “I’d like to congratulate Sysnet on its latest expansion programme supported by the Government through Enterprise Ireland. Growing Irish exports is fundamental to Ireland’s economic recovery and this investment will propel Sysnet into its next wave of export growth by enabling them to access high-growth markets such as Russia and the Middle East.

For further information, please visit our website at www.sysnetglobalsolutions.com

Sysnet Forms Alliance with GTX Partners

October 14, 2009, Dublin, Ireland

Sysxnet Ltd trading as Sysnet, headquartered in Dublin, Ireland, is pleased to announce its strategic partnership with GTX Partners LLC. Sysnet is a worldwide provider of information security assurance and payment card industry compliance services.

“We are very excited to welcome the expert knowledge of the electronic
payments industry that GTX Partners bring to Sysnet” said Tom Moynagh,
managing director at Sysnet “The electronic payments security market offers
significant opportunities, particularly in emerging markets such as Russia and the Middle East, and this partnership will enable Sysnet to take full advantage of those opportunities and realise its international expansion goals”.

Edward Grzedzinski, co-founder and former chief executive officer of NOVA
Information Systems, Inc., is managing partner of GTX Partners LLC. Both
Grzedzinski and Erik Toivonen of GTX Partners LLC will join Sysnet’s board of
directors.

“This is an exciting time in Sysnet’s development and we are very pleased to be part of the team” said Grzedzinski. “Erik and I look forward to assisting Sysnet in the successful implementation of what is both a challenging and rewarding business development plan”.

About Sysnet

Established in 1989, Sysnet is a leading provider of information security assurance and payment card industry compliance services worldwide. Sysnet offers a range of professional security services, including its proprietary web based compliance management product Securus, to a wide variety of businesses including Acquirers, International banks and government departments.

Sysnet is a market leader in IS0 27001 services, vulnerability management and audit and assessment consulting through the Payment Card Industry Data Security Standards (PCI DSS) program. Headquartered in Dublin, Sysnet has established relationships with Banks, Service Providers and Merchants in over 30 countries worldwide.

About GTX Partners LLC

Formed in 2009, GTX Partners LLC provide capital and strategic business development support to early- and mid-stage companies operating in the payment card industry. Together, Edward Grzedzinski and Erik Toivonen represent nearly 60 years experience in the business. Their working relationship began in 2001 at NOVA Information Systems.

For further information, please visit our website at www.sysnetglobalsolutions.com

Sysnet establishes a regional office in Moscow, Russia to provide a new concept in the provision of information security services

September 08, 2009, Moscow, Russian Federation; Dublin, Ireland

Sysnet Company (www.sysnet.ie), Ireland, announces Russian consulting market entry. The company provides consulting services in the fields of information security, bank systems security assessment and data security standards compliance for payment card transactions (Payment Card Industry Data Security Standards – PCI DSS) www.pcisecuritystandards.org

The company Sysnet cooperates with major banks, service providers and merchants that are interested in achieving the certification required for entities that are involved in the payment card industry.

Maria Shipkova, Sysnet (www.sysnet.ie) regional manager for Russia and CIS countries said: “Our company is well known in the international market and earned a solid reputation among the European and American banking structures. I attach great value to the high quality of Sysnet consulting projects in Russia and the use of acquired experience in other parts of the world”.

Vivian Duff, Sysnet business development manager for Europe, Near East and Africa said: “Sysnet holds all the required certificates for PCI DSS analysis of bank systems and since the beginning of 2008 is actively working on the questions of providing services to Russian banks and processing centers”.

The company boasts great experience and a number of certificates of Visa and MasterCard international payment systems.

• Visa Qualified Security Assessors (QSA)
• Mastercard Approved Security Scanning Vendors (ASV)
• ISO 27001 Certified Information Security Consultants
• Vendor Independent Information Security Consultants
• Payment Application Qualified Security Assessor (PA-QSA)

In Russia, Sysnet Company carries on joint projects with Enterprise Ireland and takes part in Russian, Ukrainian and Kazakh marketing events. Sysnet established a reputation of a reliable and effective PCI DSS services provider and is planning on becoming a partner of the leading Russian banks in order to provide the up-to-date interaction with international payment systems and the compliance with the requirements of the major payment card associations.

For further information, please visit our website at www.sysnetglobalsolutions.com

Rahaxi, Inc.'s Finnish Subsidiary Rahaxi Processing Oy Achieves Full PCI DSS 1.2 Compliance

May 12, 2009, Helsinki, Finland

3rd consecutive year of full PCI-DSS compliance demonstrates commitment to deliver secure services to its clients

HELSINKI, May 12 /PRNewswire-FirstCall/ -- Rahaxi, Inc. (OTC Bulletin Board: RHXI.OB - News) an international card payments processor and technology company, today announced that its wholly owned subsidiary, Rahaxi Processing Oy has successfully renewed its PCI-DSS compliance in Finland. This achievement of PCI compliance demonstrates that Rahaxi has met the stringent compliance requirements of the Payment Card Industry Security Standards Council www.pcisecuritystandards.org

PCI-DSS is a set of industry-wide requirements and processes (instituted by Visa, MasterCard, Diners, AMEX, JCB and Discover) that ensure the security of valuable cardholder account data. PCI-DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

Vivian Duff, Business Manager of CEMEA Region at Sysnet. commented: "Achievement of PCI-DSS 1.2 proves that Rahaxi has followed international best practices to properly protect the sensitive cardholder data and minimize risk of financial losses to the cardholders and/or the companies that are storing, processing or transmitting the cardholder data."

He also added: "This certification attests to the integrity and security of Rahaxi's systems and environment. It provides independent verification that Rahaxi's information-handling processes have undergone in-depth audits by a vendor neutral Qualified Security Assessor, such as Sysnet. This is the third consecutive year that Rahaxi has been assessed and certified, thus demonstrating a consistent track record for maintaining the highest levels of certification for those operating in the Payment Card Industry. Sysnet congratulates Rahaxi on achieving the PCI-DSS certification and demonstrating its commitment to deliver secure services to its clients."

Ciaran Egan, Chief Financial Officer, added: "The successful renewal of PCI-DSS compliance by Rahaxi for a third consecutive year further demonstrates our continued investment in our technical infrastructure together with our continuous commitment to meeting the leading standards in the payment industry. It clearly provides confidence to our expanding customer base and assures our clients that we are continuing to deliver high quality solutions inline with international best practices. PCI-DSS compliance is an important factor in assisting the Company in achieving consistent future revenue growth.

About Sysnet

Sysnet helps organizations to meet today's challenges by providing a full range of services for assessing and assuring PCI DSS compliance. Our services include PCI DSS Assessments, Audits, Vulnerability Scanning, Penetration Testing and Payment Application Best Practice Assessments.

For further information, please visit our website at www.sysnetglobalsolutions.com

Vector Company together with Sysnet Company (Ireland) hold seminar in Kiev, Ukraine

It is no a secret that, practically all banking institutions of Ukraine during the process of POP expansion, is confronted with the question
of communication transport deficiency. The organization of their own channels is already frequently become non-value-added. As a consequence - occurring everywhere the utilization of public access network for that. The conference” PCI DSS standard in the informational security of the cards of payment. The problem of the introduction” was dedicated in particular to the questions of the security organization for the realization of money transactions in such type of transport.

On the 27 of January of 2009, in Kiev, at the conference hall of АККО International, the conference gathered 35 representatives of 16 largest Ukrainian banks and Ukrainian Processing center, experts on the informational security, the press representatives. The organizer was Sysnet Company (Ireland), the coorganizer was "Вектор" company (Kharkov), and a communicatory sponsor was publishing house "Декабрь".

In the context of the conference Vector Company presented decisions for the construction of defended network of payment based on the Billion’s equipment, the exclusive distributor of which is Vector Company. The director of the representative Vector’s office in Kiev, Andrey Lynnyk, how, during the using Billion’s production, to realize the protected corporative networks and networks of payment, that are built based-on physical environment of data communications – optics, copper, wireless technologies. At the report there were proposed some decisions, based on broadband IPSec VPN routers of BiGuard serie and on the universal BiPac routers, with the support of different technologies on the last mile, ADSL2+, SHDSL, 3G. Having not very big price, large functional, Billion’s production allows developing of payment terminals in short terms with the low financial costs.

There were also mentioned that such decisions are interested not only to banking structures, but also to other businesses that demanding available, protected and the mobile access to the corporative information. There were presented reports of the companies Sysnet, УПЦ, Novell, Свит-IT, БакоТек and Vector. The audience was discussed and was interested very much of the reports. Taking into account the importance and opportuneness of the reports’ subjects there was advanced the suggestion to do such arrangement every year.

For further information, please visit our website at www.sysnetglobalsolutions.com

PCI DSS - progress in all respects

In connection with the expected soon release of the renovated version of the standard PCI DSS the correspondent the periodical “[PLAS]” met with the representatives of the international consultationalservice company Of Sysnet, which specializes in questions of providing Information Security and which leads its activity in a whole series of regions of the world, including the CIS. Thus, in 2008. company opened its representation in Kiev. In the course of conversation we asked Duff, commercial director of the company Of Sysnet on the region of the CIS, to describe, what concrete successes in the process of introduction PCI DSS were achieved at the given moment by participants in the industry, and to also give useful advice to those of them, who thus far yet did not hurry to carry out any real steps in this direction, but it desires to make up that missed.

The positive moment of present situation consists in the fact that recently presented by council for the standards of safety of the industry of pay maps (PCI Of security Of standards Of council) the survey of the forthcoming changes in the standard PCI DSS (version 1.2 ) does not provide for the introduction of any serious new requirements in addition to that to already existing of twelve, which act originally. It should be noted that the release of the reviewed version PCI DSS is accomplished in complete agreement with the originally matched process of the life cycle of the standard, which provides for its revision and renovation with the periodicity of times in two years. As notes PCI Of security Of standards Of council, basic changes in version 1.2 are explanations and commentaries to the existing
requirements.

Vivian Duff - the business manager of the company Of Sysnet in the region of the CIS. It answers for the development of the business relations between Sysnet and by its bank- partners in this region. Vivian Duff - experimental manager with the rich experiment in the area of the assignment of the services of the estimation of Information Security.

Took active part in the realization of a number of projects with respect to the guarantee of a correspondence to the International standards PCI DSS and ISO 27001,including the projects of the state structures of Ireland, such as Defence Ministry, main controlling- financial administration, the commission for tax administration,control of national roads, the projects of several large banks, including of the First Ukrainian International Bank ([FUIB]), UkrEximBank, Nadra bank, and also the projects of companies, including OpenWay, Elavon financial services and others.

From the moment of its appointment to a post of the commercial director of the company Of Sysnet Vivian Duff became the key initiator of the development of the business connections of company abroad, as a result of which it established close partner relations with the local banks, the service providers and the commercial- service enterprises in more than 24 countries of region CEMEA.

On the initiative Vivian Duff was created the office of Sysnet in Kiev and the command from the local specialists and the consultants in questions of Information Security, which provides the demands of the banks, which lead their activity in this rapidly developed region and rendering services with the support of the Russian language was formed.

Because of the designation to the key positions of experienced specialists the company Of Sysnet attained an exuberance in the quantity of clients from the number of banks, which made the decision to use resources Of Sysnet for purposes of the guarantee of a correspondence of their structures to the requirements of the standard PCI DSS. Vivian Duff is solidly confident, that status of the independent provider of the services of Sysnet and its adherence to the interests of clients is key to the present and future success of company in this region.

In the forseeable future Vivian Duff assumes the creation one additional foreign office of company,which will be located in Moscow. Its tasks they will become control of the support of the growing number of clients, who need the international consultational experience Of Sysnet, for the rendering by them of effective aid in the guarantee of a correspondence to contemporary requirements in the region of providing Information Security of banking sector and pay systems.

For further information, please visit our website at www.sysnetglobalsolutions.com

Freestar Technology Corp's Rahaxi Processing Oy Achieves Visa and Mastercard PCI DSS

December 13, 2006, Dublin, Ireland

It Is Only the Second Finnish Company to Achieve Certification

DUBLIN, Ireland, Dec. 13 /PRNewswire-FirstCall/ -- FreeStar Technology Corp. (OTC Bulletin Board: FSRT - News) an international card payments processor and technology company, today announced that its wholly owned subsidiary, Rahaxi Processing Oy., is now listed on Visa's website, along with such companies as First Data International, as having been awarded Payment Card Industry Data Security Standards (PCI DSS) compliance accreditation to provide payment solutions in Europe. It is the second Finnish payments solution provider to receive certification.

PCI DSS is a set of industry-wide requirements and processes (instituted by Visa, MasterCard, Diners, AMEX, JCB and Discover) that ensure the security of valuable cardholder account data. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

This comprehensive standard is intended to proactively protect consumer data for organizations that store, transmit or process cardholder account and transaction data, including merchants, acquiring banks and related service providers.

Paul Egan, chief executive officer of FreeStar Technology, said, "We are delighted to announce our certification for the PCI DSS compliance. This is an important milestone for the company, one that should attract significant new business. We are pleased to have met Visa's rigorous standards and make it to Visa's current list of 100 companies considering that there are several thousand competitors in the industry."

"Enforcement of the new standard is increasingly more vigilant with increased financial penalties for noncompliance and the real threat of acceptance privileges being suspended or revoked for organizations that do not demonstrate compliance with the standard," he added.

Sysnet Ltd., an official Visa Qualified Security Assessor (QSA) in assessing onsite compliance to PCI Standards, carried out the certification process. The certification indicates that Rahaxi Processing has been assessed against the objectives of the Visa Account Information Security (AIS), using the PCI DSS validation methods and was found to be compliant to PCI DSS.

Vivian Duff, business manager of Sysnet said, "Having worked closely with Rahaxi Processing during the last 12 months, it was a rewarding experience to see how the PCI DSS has helped validate the high level of information security management that has been developed to protect the business interests of its clients."

Duff added, "I congratulate Rahaxi Processing on achieving this certification and demonstrating its commitment to deliver secure services to its clients in Europe."

Jyrki Matikainen, sales director of Rahaxi Processing, said, "After working hard for more than a year on the PCI project, we are happy to receive the Visa approval. By combining PCI security with Rahaxi Processing's existing services and our several EMV certifications we provide our customers with a trustworthy, accessible and a secure turnkey solution. As the payment industry gets more diversified, the biggest merchants and the POS vendors are starting to look for dedicated payment specialists. Rahaxi Processing is now in a very promising position to fulfill this need. As sales director, I believe, the certification will have a positive impact on our revenue."

ABOUT SYSNET LTD.
Sysnet Ltd helps organizations to meet today's challenges by providing a full range of services for assessing and assuring PCI DSS compliance. Our services include PCI DSS Assessments, Audits, Vulnerability Scanning, Penetration Testing and Payment Application Best Practice Assessments.

For more information visit our website www.sysnet.ie or email info@sysnet.ie

ABOUT FREESTAR TECHNOLOGY CORPORATION

FreeStar Technology Corporation provides mission critical solutions to the financial industry worldwide. Working with merchants and acquires in over twenty countries, our product suite has empowered partners to focus on their core competencies, while our innovative driven approach has allowed them to benefit from first to market advantage and realize their true potential. FreeStar Technology Corporation has adopted a partnership strategy for growth. Our partners are market leaders in their respective industries. These include IKEA, Finnair and Stockmann. Our Subsidiaries Rahaxi Processing Oy Finland, FreeStar Technologies Ireland Limited and FreeStar Dominicana S.A. Dominican Republic, continue to develop and implement first class products and solutions that enhance the service level our partners can offer customers.

For further information, please visit our website at www.sysnetglobalsolutions.com SOURCE: FreeStar Technology Corporation.