Press Release

For Immediate Release

Media Contact:
Mike Emerton on Behalf of Ecora
(603) 766-3688

Will Merchants' Networks Protect Consumer Credit Card Data on Black Friday and Throughout the Holiday Season?

Ecora Offers Free IT Compliance Assessments to Help Merchants Comply with New PCI DSS 1.1 Standards

Portsmouth, N.H. – November 21, 2006 – Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is not an option – it's mandatory. Ecora Software, the industry's only solution for automating regulatory compliance and best practices reporting for IT Systems Management, today announced the availability of the PCI Assessment Program. The new program helps retail merchants and service providers who handle credit card information proactively prevent data breaches by ensuring the infrastructure for payment systems complies with new PCI DSS 1.1 mandates. To register for the program users can visit

According to the National Retail Federation, the total Black Friday weekend spending for 2005 reached $27.8 billion – a 21.9 percent increase from the prior year. By contrast, over one million consumers had their financial information exposed from network breaches in 2005. While payment card transactions are increasing, credit card processors, point-of-sale vendors and financial institutions are not keeping up by properly securing their networks from hackers.

Ecora is helping to address the recently updated PCI DSS mandates as well as the growing theft and fraud trend in the payment card processing industry by offering qualified merchants and service providers a free PCI DSS compliance assessment.

  • Free PCI Assessments for Qualified Merchants and Service Providers – Ecora will consult with your organization to implement IT best practices around PCI compliance – helping to arrive at a detailed, audit-ready PCI compliance report.
  • Ecora's PCI White Paper and Datasheet – An informative resource for understanding PCI requirements, as well as the new requirements merchants must comply with by January 2007.
  • Access to Ecora's On-Demand, PCI Training Webcasts – An acclaimed on-line series of presentations outlining PCI's 12 areas of compliance and how any organization may simplify audits via automating the IT validation process.

PCI DSS was developed to help merchants and service providers pinpoint network vulnerabilities and proactively address data security breaches before consumers' private financial information is compromised. However, meeting the PCI standard has proven to be time consuming and costly, slowing organizational adherence. Compounding matters, the PCI Security Standards Council recently announced more stringent requirements that will place an increased burden-of-proof on merchants and service providers in 2007.

The new PCI DSS requirements applicable to IT systems that merchants must comply with in 2007 are:

  • Requirement 5.1.1 – Malicious software, such as spyware and adware, is included in anti-virus software capabilities.
  • Requirement 6.6 – Added requirement for application code review or application firewall.
  • Requirement 12.10 – Added requirement for a policy to manage connected entities, including maintaining a list, implementing appropriate due diligence, ensuring connected entities are PCI DSS compliant, and having an established process to connect and disconnect entities.

“Complying with government IT mandates has become a condition of doing business,” said Joe Fiorentino, CEO, Ecora Software. “However, the complex nature of today's payment card and point-of-sale systems, coupled with the costly process of adhering to compliance mandates, has led merchants to delay meeting these standards. Ecora's new PCI Assessment Program helps alleviate their concerns by automating the process of identifying their current state of compliance, discovering any non-compliant IT controls, and providing the insight required to immediately correct vulnerabilities.”

About PCI

The PCI Security Standards Council is an independent enforcement organization that was recently formed to provide an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International and owns, develops, maintains and distributes the PCI Data Security Standard (DSS).

About Ecora

Ecora Software provides Enterprise Configuration Visibility™ to customers worldwide, ensuring their IT infrastructures are secure, compliant and effective. Ecora is the market-proven leader in transforming enterprise-wide configuration data into easy-to-understand reports for regulatory compliance and enabling IT best practices. The Company's flagship solution, Auditor Professional™, provides the only patented architecture proven to automate the collection and reporting of configuration information from the entire infrastructure, without agents. Ecora Software takes the cost and complexity out of compliance audits and adopting IT best practices for more than 800 active worldwide customers, including many of the Fortune 100.