SAAS Vendor Achieves Highest Security Standards for Cloud TransactionsBy Pedro Pereira | Posted 2009-01-07 Email Print
Aria Systems’ on-demand billing software expects its Level One PCI compliance to play well with customers and partners alike.
Increased reliance on cloud computing and on-demand software models is highlighting the need for airtight security, particularly where billing is concerned.
Aria Systems, a provider of on-demand billing and customer lifecycle management, is leaving nothing to chance. On Jan. 7, the company revealed its A+ Billing Platform has achieved Level One PCI (Payment Card Industry), as recognized by the PCI Security Standards Council, a status Aria executives expect will instill confidence in the company’s customers and buoy its upcoming channel recruitment efforts.
Aria’s achievement, still relatively rare in the SAAS (software as a service) world, is significant because level One PCI compliance covers the actual processes involved when data moves around the cloud, as opposed to just securing the infrastructure.
"Anything we do that touches our customers’ financial information is PCI-compliant at the highest level," says Aria CEO Ed Sullivan.
Securing the cloud is a complex proposition for businesses that tap applications and transmit data through the Internet’s vast public infrastructure. The potential for data breaches exists at various levels, including network access points and the transmission of information through the cloud.
"We think that’s one of the dangers of the cloud," he says.
Sullivan contends that while some companies boast of PCI compliance, they are not compliant in the all-encompassing way that Aria has achieved. In many cases the infrastructure is secure, he says, but on the backend there are manual processes where potential breaches could occur.
Aria’s technology automates all transaction-related activity, including tracking late payments and notifying merchants of default. Since its founding in 2003, Aria has processed more than 1 billion transactions and has about 1 million users currently, say executives.
The vendor sells its technology through SAAS contracts either directly or through partnerships with companies such as Rackspace. The company now is setting its sights on the solution provider and managed services provider channels, and its vice president of marketing, Jim D’Arcangelo, believes the Aria’s Level One PCI compliance will play big with the channel companies.
That’s because it addresses concerns over security and questions of accountability that tend to surface when providers add SAAS to their offerings. Providers want technology they sell to customers to be rock-solid, secure and profitable, D’Arcangelo says.
In achieving Level One PCI compliance, Aria joins a distinguished group of IT heavies, including Google, Oracle and Microsoft, by meeting the credit card industry’s strictest security measures.
Aria executives say the company spent the last six months updating its security standards and implementing the policies and procedures necessary for obtaining Level One PCI Compliance.
The security measures protect Aria customers against lost transactions and the financial penalties associated with credit card fraud, identity theft, network breaches and Internet viruses. Companies doing commerce over the Internet risk monthly fines of $5,000 to $25,000 for failing to comply with PCI standards.
In accordance with Level One PCI Compliance standards, Aria tracks and monitors access to network resources and cardholder data, encrypts data transmissions and tests periodically to prevent unauthorized access.
Sullivan says people typically focus on protecting credit card numbers, which is important, but a truly secure transaction environment also has to meet privacy standards against letting cardholder data fall into the wrong hands. D’Arcangelo says Aria is in the early stages of designing a channel program for solution providers.