The Importance of Compliance and Standards Councils at Futurex
Futurex’s solutions are used by thousands of customers in numerous industries all over the world. One thing they all having in common is compliance requirements. They trust Futurex for not only providing secure solutions, but also compliant ones.
With this mind, Futurex’s own experts sit on many industry standards bodies and actively provide input that helps shape the information security standards of tomorrow. This involvement helps Futurex stay on top of current compliance requirements and enables the company to anticipate and shape the next evolution of compliance. With this compliance-focused posture, Futurex can incorporate specific compliance requirements into their solutions from the outset of product conception and development.
On April 29th, Futurex will attend the 2018 Conexxus Annual Conference. Conexxus is a non-profit organization focused on innovation and standards establishment for new technologies in the convenience store and gas station markets. Conexxus provides a forum for various experts and stakeholders from different organizations to meet and work together to identify trends, establish common strategies and objectives, and ultimately create standards for technology and security in the convenience store and fuel markets. It is a rare opportunity for vendors and customers to work side by side to resolve challenges in their industries.
Accredited Standards Committee X9
Futurex is also member of the American Standards Institute’s X9.24 subcommittee on Retail payments. This committee oversees many industry standards, but among the most important is TR-39, which is an audit of compliance with regulations relating to PIN transactions, encryption techniques, and key management. All organizations involved in PIN transactions and key management for PIN processing must undergo the TR-39 audit on a bi-annual basis.
If your organization lacks the technical resources, time, or personnel, Futurex can help you keep your cryptographic infrastructure in audit-ready shape. Our staff can work with your organization to fully prepare for internal and external audits.
PCI Security Standards Council
Additionally, Futurex is an active participant in the Payment Card Industry Security Standards Council. This council is a global body that develops, maintains, and administers security standards for the card payment industry. It was originally formed in 2006 by the 5 major payment companies: American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International. Together with dozens of other companies and participating members from the financial sector, merchants, point of sale vendors, and other security hardware vendors, Futurex and the council decide on standards the future of payment transaction security standards.
The primary standards that the PCI Security Standards Council manages has always been the PCI Data Security Standard (DSS), which the widely accepted set of security standards and policies intended counter theft, fraud, and misuse of cardholder data. Prior to the PCI DSS, the five major payment companies all ran their separate security programs standards. While they were aimed towards the common target of card-holder security, they were each independent of each other. However, as online payments became more common in the early 2000s, the five major card companies aligned their security programs under the common umbrella of the PCI DSS which became the mandatory standard for any organization that accepts, processes, or stores credit card information.
As a participating organization in the Payment Card Industry Security Standards Council and as an industry leader in the development of hardware security modules for payment transaction encryption and processing, Futurex maintains constant situational awareness of changes to the PCI DSS. In doing so, Futurex can ensure their products remain compliant with all relevant requirements, now and in the future.