Panoptic Security Inc. is offering to lease or sell complete software packages for compliance with the Payment Card Industry data security standard, an alternative to paying vendors a monthly fee for each merchant.
The PCI standard lists the requirements companies must follow to protect any card data they handle. Companies are also required to have their compliance validated, though the methods for doing so vary by the size of the organization.
Rick Oglesby, a senior analyst for Aite Group in Boston, said he had not heard of any other vendors offering to sell a self-contained system but said PCI compliance lends itself to a monthly regimen.
"It's definitely a different approach, but it's not going to revolutionize the world," Oglesby said.
PCI requirements and remediation continue to change, so processors that buy an in-house compliance system still would require updates, he said.
Selling a complete system might help a vendor capture market share and could change cash flow for a processor, but the vendor and processor probably would maintain an ongoing relationship, Oglesby said.
Panoptic, of Salt Lake City, has been providing PCI-compliance services for about three years but had long planned to sell a complete compliance package when the market was ready, said Leslie Norris, Panoptic's executive vice president.
As companies tire of "being tied to a compliance vendor" the time is right to sell the software, and Panoptic sees processors as the likely purchasers, she said.
"Processors are becoming the stewards of PCI," Norris said. "They're held hostage at $5 a month for each merchant."
If a Panoptic team and a processor's technical team "sit in a room" and concentrate on setting up the system, they can do it in three to four weeks, she said, adding that Panoptic personnel came from technology companies, not security companies.
"We put it within your walls," Norris said.
Besides offering the complete product, Panoptic will continue to provide PCI-compliance services to processors and independent sales organizations, Norris said.