Increased reliance on cloud computing and on-demand software models
is highlighting the need for airtight security, particularly where
billing is concerned.
Aria Systems, a provider of on-demand billing and customer lifecycle
management, is leaving nothing to chance. On Jan. 7, the company
revealed its A+ Billing Platform has achieved Level One PCI (Payment
Card Industry), as recognized by the PCI Security Standards Council, a
status Aria executives expect will instill confidence in the company’s
customers and buoy its upcoming channel recruitment efforts.
Aria’s achievement, still relatively rare in the SAAS (software as a
service) world, is significant because level One PCI compliance covers
the actual processes involved when data moves around the cloud, as
opposed to just securing the infrastructure.
“Anything we do that touches our customers’ financial information is
PCI-compliant at the highest level,” says Aria CEO Ed Sullivan.
Securing the cloud is a complex proposition for businesses that tap
applications and transmit data through the Internet’s vast public
infrastructure. The potential for data breaches exists at various
levels, including network access points and the transmission of
information through the cloud.
“We think that’s one of the dangers of the cloud,” he says.
Is your data safe? Find out here.
Sullivan contends that while some companies boast of PCI compliance,
they are not compliant in the all-encompassing way that Aria has
achieved. In many cases the infrastructure is secure, he says, but on
the backend there are manual processes where potential breaches could
occur.
Aria’s technology automates all transaction-related activity,
including tracking late payments and notifying merchants of default.
Since its founding in 2003, Aria has processed more than 1 billion
transactions and has about 1 million users currently, say executives.
The vendor sells its technology through SAAS contracts either
directly or through partnerships with companies such as Rackspace. The
company now is setting its sights on the solution provider and managed
services provider channels, and its vice president of marketing, Jim
D’Arcangelo, believes the Aria’s Level One PCI compliance will play big
with the channel companies.
That’s because it addresses concerns over security and questions of
accountability that tend to surface when providers add SAAS to their
offerings. Providers want technology they sell to customers to be
rock-solid, secure and profitable, D’Arcangelo says.
In achieving Level One PCI compliance, Aria joins a distinguished
group of IT heavies, including Google, Oracle and Microsoft, by meeting
the credit card industry’s strictest security measures.
Aria executives say the company spent the last six months updating
its security standards and implementing the policies and procedures
necessary for obtaining Level One PCI Compliance.
The security measures protect Aria customers against lost
transactions and the financial penalties associated with credit card
fraud, identity theft, network breaches and Internet viruses. Companies
doing commerce over the Internet risk monthly fines of $5,000 to
$25,000 for failing to comply with PCI standards.
In accordance with Level One PCI Compliance standards, Aria tracks
and monitors access to network resources and cardholder data, encrypts
data transmissions and tests periodically to prevent unauthorized
access.
Sullivan says people typically focus on protecting credit card
numbers, which is important, but a truly secure transaction environment
also has to meet privacy standards against letting cardholder data fall
into the wrong hands.
D’Arcangelo says Aria is in the early stages of designing a channel program for solution providers.