Through the company's attainment of PCI Level One status, Aria Systems' clients are assured that their end-to-end processes (and each component individually) are fully compliant, continuously. As such, unlike many companies that claim to offer PCI Compliance to their clients, Aria Systems provides its clients the peace of mind that comes with the assurance of the highest level of customer transaction data safety and security, in functions such as:
-- User Self-Service (USS)
-- Customer Relationship Management (CRM) tools
-- Application Programming Interfaces (APIs)
Aria Systems' A+ Billing Platform is the first and only enterprise-class billing platform offered in a highly flexible Software-as-a-Service-based environment. Over the past six months, Aria Systems has rigorously updated its security standards while implementing new policies and procedures necessary for obtaining Level One PCI Compliance of its billing procedures. These new security measures will protect Aria Systems' customers against lost transactions and financial penalties generated from fraudulent activity or technical malfunctions such as:
-- Credit Card Fraud
-- Identity theft
-- Breached & Insecure Networks
-- Internet Viruses
In the billing space, Aria Systems is uniquely committed to comprehensive customer lifecycle management. A dimension of Aria's focus is the execution of contextual, appropriate-point-in-the-process communications and alerts with clients' customers, preemptively launched before any billing problems arise. Because being PCI Compliant allows Aria Systems to securely store customer data, customers benefit through a unique waterfront of related value-adds that translate into direct cost savings, increased marketing, flexibility enabling revenue growth, and increased customer and revenue retention.
PCI mandates that all billing companies' processes, not just infrastructure, must be Level One PCI Compliant. Merchants that do not comply with the PCI Data Security Standard (DSS) face monthly fines for noncompliance -- ranging from US$5,000 to $25,000. Beyond monetary fines, there are far greater costs associated with noncompliance such as lost reputation, damaged customer trust and loyalty, financial losses, lost business, lawsuits and other results of a breach.
"Relative to PCI Compliance, there are layers of danger facing companies that handle customer financial and personal data. Many companies have a false sense of security, not realizing that when they work with a provider that is PCI Compliant, yet still commit behaviors like storing customer credit card information in their CRM tool, they are putting themselves and their customers at risk," said Ed Sullivan, CEO of Aria Systems. He added, "Even more alarming is that many companies don't understand at all the gravity and potentially catastrophic consequences of working with a non-PCI Compliant billing provider, or one with only a single component of its processes compliant."
Sullivan notes, "Aria Systems is the only SaaS billing provider truly dedicated to the safety and security of our customers' transactions. And we have the certification to prove it."
To maintain Level One Compliance, Aria Systems must adhere to annual third-party audits and integrate regular upgrades into its security systems. To manage these audits, Aria Systems has partnered with Trustwave, a leading provider of on-demand data security and payment card industry compliance management solutions, to oversee penetration tests, manage code reviews and inspect firewalls.
"While we have always trusted Aria's commitment to the security of our data and billing transactions, their decision to spend the time and money associated with becoming Level One PCI Compliant adds even greater assurance and validity in their services," said John Miller, Managing Director and Principal of Decision Intelligence. "With so many threats posed to Internet transactions, it's important for any company that manages its billing with a third party vendor to insist that the company be Level One PCI Compliant."
The PCI Security Standards Council cannot prevent companies from claiming PCI Compliance (in fact many do), but only those that are named in the PCI Data Security Standard (PCI DSS) annual report are truly compliant. Companies that are unsure of whether or not their billing provider is PCI Level 1 compliant are urged to check the list of those companies that are certified as such, at http://usa.visa.com/merchants/risk_management/cisp_service_providers.html.