$200bn of Credit Card Transactions Will Not Meet Payment Card Industry's Security Standards in '07, Says ExaProtect

PCI DSS Compliance Is Simply Infosecurity Best Practice, Says Security Management Vendor


MOUNTAIN VIEW, CA--(Marketwire - May 30, 2007) - ExaProtect, a leader in intelligent security management, calculates that over $200 billion in consumer and business credit card transactions made during 2007 will not meet the data security standards managed by the Payment Card Industry (PCI) Security Standards Council.

Despite moves by the PCI Security Standards Council to encourage larger retailers and other organizations to demonstrate compliance with its 12-point Data Security Standard, half of the world's largest merchants are not yet compliant. Furthermore, many retailers do not have a timetable for achieving compliance in place before the anticipated June 2007 deadline.

ExaProtect says this puts transactions with a value exceeding $200 billion potentially at risk. To put this figure in perspective:

--  A $200bn stack of one-dollar bills would be over 20,000km high:
    equivalent to travelling halfway around the Earth's equator
    
--  It is more than the cost of the Space Shuttle program from inception
    in 1969 to its planned retirement in 2010 ($174bn)
    
--  It is more than double the estimated cost of the International Space
    Station ($100bn)
    
--  An end-to-end chain of one-dollar bills would stretch to the moon and
    back, 40 times (over 31 million kilometres)
    
The world's largest retailers and merchants take over 1.5 billion credit card transactions annually. Leading payments company Visa has 230 merchants that each process over 6 million transactions per year, with similar data from rivals -- yet less than half can demonstrate PCI compliance.

Jean-François Dechant, CEO of ExaProtect, said: "It's incredible to think that such a vast amount of transactions and payments will not meet compliance standards over the coming year. Yet the compliance demands are not unreasonable given what's at stake, and the number and sophistication of security threats today.

"The positive aspect is that $160bn of transactions per year now are secured to PCI standards as the industry moves toward compliance. These measures cannot totally eliminate hacking and other types of fraud. However they do embody the best available security practice and technology, and will help to ensure a consistent level of security across the payments industry. We are working with a number of key players in this sector in the drive towards PCI compliance," Dechant added.

Compliance with the PCI Data Security Standard means organizations must prove to auditors that their networks and security policies comply with the set standards. Penalties for non-compliance include severe fines and loss of business.

About ExaProtect -- intelligent security management

ExaProtect is a unique global player in the information security marketplace, offering a complete start-to-finish security management solution. Its powerful, integrated 'View & Do' approach is of great benefit to its 300+ existing customers, who include many Fortune 500 enterprises, international telecommunications companies and government organizations.

ExaProtect technology empowers users to meet the increasing demand for unified control of multi-vendor network and security systems, whether their goal is to raise information security levels, demonstrate compliance, and/or improve operational efficiency.

ExaProtect's US headquarters is in Mountain View, California, and its EMEA headquarters are in Paris, France. With 7 offices worldwide, the company delivers a global solution. For more information and local contact details, visit: www.exaprotect.com

Contact Information: Press Contact: Victor Cruz (508) 655-4397 exaprotect@mediapr.net.