Latest news with #PCIDSS4.0


Techday NZ
27-04-2025
Qualys launches Policy Audit to slash compliance audit costs
Qualys has announced an enhancement to its policy compliance solution with the launch of Policy Audit, aiming to streamline audit efficiency, reduce compliance costs and lower regulatory risks for organisations.
The increase in regulatory requirements has presented significant challenges for enterprises; according to the Compliance Digital Transformation Report by Coalfire, nearly 70% of service organisations are subject to six or more regulatory frameworks. These requirements stretch operational resources and often result in higher costs. This complexity is compounded by system misconfigurations, which can lead to instances of non-compliance and potential regulatory penalties.
Policy Audit introduces several automated features designed to address these challenges by reducing the reliance on manual processes.
Sandeep Khanna, Chief Information Security Officer at the Unique Identification Authority of India (UIDAI), commented on the integration of Policy Audit, stating: "Integrating Qualys Policy Audit into our workflows has transformed how we manage compliance. The seamless collaboration between teams, combined with real-time visibility across multiple mandates, has streamlined our operations and enabled proactive risk management. It's a game-changer for audit readiness."
The Policy Audit solution works by automatically mapping collected evidence to major compliance frameworks such as PCI DSS 4.0, DORA, NIST, CMMC, and FedRAMP. It provides coverage across 450 technology types, includes over 1,000 out-of-the-box policies, and supports compliance with more than 90 frameworks. This is intended to foster continuous compliance and audit readiness while helping to mitigate the risk of audit failures.
Among its features, the continuous audit readiness capability automates evidence collection and reduces the risk of human error, offering organisations a way to monitor audit gaps via real-time compliance posture dashboards.
According to Qualys, the use of automated policy compliance can reduce audit failure rates by as much as 95%, allowing organisations to proactively address risks that could result in fines or penalties.
Policy Audit also incorporates Qualys TruRisk, which maps compliance and data privacy risks automatically while identifying and prioritising critical misconfigurations according to business impact and asset and threat exposure. This functionality is intended to help organisations focus resources on the most significant vulnerabilities, and to understand the effect of these vulnerabilities across various regulatory mandates.
With regard to operational workflow, Policy Audit includes automated IT Service Management (ITSM) workflows to connect silos between teams, ensuring necessary information moves efficiently to the relevant parties. Its integration with Governance, Risk, and Compliance (GRC) tools aims to improve visibility and streamline both compliance tracking and risk management. Policy Audit features automated remediation workflows to accelerate the response to compliance gaps and reduce the window of exposure to breaches.
On the reporting side, the solution enables organisations to generate multiple customisable reports from a single data collection process, utilising more than 90 pre-mapped mandates. These reports can be adapted for audiences such as executives and stakeholders, facilitating audits on demand and reportedly cutting audit costs by up to 50%.
Sumedh Thakar, President and Chief Executive Officer of Qualys, commented: "Organisations are facing a growing number of mandates, and audit readiness is more critical than ever. Yet many struggle with complex regulations, limited staff, tight budgets, and manual processes—making compliance costly and error-prone."
"Policy Audit transforms audits from a source of stress into a streamlined, automated process that empowers teams to do more while keeping the organisation continuously audit ready."
In conjunction with Policy Audit, Qualys has introduced Audit Fix, an optional feature designed to help limit breach exposure. Audit Fix allows users to remediate audit findings before they escalate into compliance issues using a library of pre-defined scripts and policies, which can be integrated into continuous integration and deployment (CI/CD) pipelines. Customisable remediation workflows further contribute to continuous compliance and risk reduction.
Qualys Policy Audit is expected to be available in the second quarter of the year.

Associated Press
31-03-2025
Aperia Compliance, an IXOPAY Company, Appoints Tony Norrie as President to Drive Growth for Scalable Compliance Solutions
Seasoned payments executive joins to expand PCI compliance reach, leverage synergies with IXOPAY's global payment orchestration platform
LEHI, UT / ACCESS Newswire / March 31, 2025 / Aperia Compliance, an IXOPAY company and a leader in PCI compliance and risk management, today announced the appointment of Tony Norrie as President of Aperia Compliance. In his new role, Norrie will oversee Aperia Compliance's strategic growth, with a dual focus: accelerating adoption of the company's PCI and risk solutions, and expanding the reach of IXOPAY's enterprise-grade payment orchestration platform through Aperia Compliance's partner network and client base.
'Tony joins Aperia Compliance at a pivotal time in our journey,' said Suzanne Rudnitzki, President & COO of IXOPAY. 'Today, merchants need seamless, scalable ways to navigate compliance and payments. Tony's track record in scaling high-growth SaaS and payments organizations positions him perfectly to meet that demand with Aperia Compliance. His leadership will be instrumental in deepening client value, forging strategic partnerships, and aligning our compliance capabilities with the transformative potential of payment orchestration.'
Norrie brings over 20 years of executive experience across SaaS, FinTech, and payments. He has successfully led companies through high-growth phases, private equity exits, and strategic M&A -- building scalable go-to-market engines and high-performance teams along the way. His expertise spans direct and channel sales, partner development, and operations across businesses ranging from early-stage startups to $150M+ revenue organizations.
At Aperia Compliance, he will be responsible for expanding access to tools that help merchants, ISOs, acquirers, and payment processors achieve PCI compliance, reduce risk, and adapt to regulatory changes -- including the final phase of PCI DSS 4.0.
'We're entering a new era where compliance must evolve alongside payments,' said Tony Norrie, President of Aperia Compliance. 'Aperia Compliance and IXOPAY are uniquely positioned to deliver compliance and orchestration solutions that help our clients move faster, secure payment data, and grow with confidence. I'm honored to lead Aperia Compliance and look forward to building something extraordinary with our team and partners.'
Norrie's appointment reflects IXOPAY's broader strategy to unify world-class compliance and orchestration capabilities under a shared services framework, maximizing value for clients across the entire payment ecosystem. Norrie is based in Dallas, Texas, and reports to Suzanne Rudnitzki, President & Chief Operating Officer of IXOPAY.
Attendees of ETA TRANSACT in Las Vegas (April 2-4, 2025) are invited to visit Aperia Compliance and IXOPAY at Booth #871 to explore the latest innovations in compliance and payment orchestration.
About Aperia Compliance
Aperia Compliance, an IXOPAY company, is a leader in Payment Card Industry (PCI) validation and risk management, providing PCI Level 3 and 4 compliance for ISOs, payment processors, and small and medium-sized businesses. Learn more at

Associated Press
12-03-2025
Aperia Compliance, an IXOPAY Company, Launches Payment Script Monitor to Help Merchants Prevent Fraud and Stay PCI Compliant
Automated solution detects unauthorized script changes, protecting online transactions and ensuring PCI DSS 4.0 compliance before the March 31, 2025 deadline.
LEHI, UT / ACCESS Newswire / March 12, 2025 / Aperia Compliance, an IXOPAY company and a leader in Payment Card Industry Data Security Standard (PCI DSS) validation and risk management, today announced the launch of Payment Script Monitor, an advanced compliance solution designed to help merchants meet the final phase of PCI DSS 4.0 requirements taking effect on March 31, 2025.
With cybercriminals increasingly targeting online payment pages through malicious script injections, Payment Script Monitor provides continuous monitoring, real-time alerts, and compliance automation, enabling businesses to detect and prevent unauthorized modifications to their checkout pages. The solution specifically helps merchants comply with the critical PCI DSS requirements 6.4.3 and 11.6.1, which mandate active script management and monitoring for e-commerce transactions.
'PCI DSS 4.0 significantly raises the bar for merchant security, particularly with the introduction of the script management and monitoring requirements for e-commerce sites,' said John Noltensmeyer, Chief Information Security Officer at IXOPAY. 'We understand the evolving requirements can be challenging for merchants. Payment Script Monitor gives them an automated way to track and validate changes to scripts on their payment pages, reducing security risks and ensuring compliance without adding operational complexity.'
Supporting Compliance, Security, and Revenue Growth
Built as an intuitive, cost-effective solution, Payment Script Monitor empowers merchants, ISOs, acquirers, and payment processors to maintain compliance effortlessly. Key features include:
- Automated Script Inventory - Instantly generates a baseline inventory of all active scripts on merchant payment pages for easier onboarding.
- Real-Time Monitoring & Alerts - Detects unauthorized changes and malicious modifications with continuous scanning.
- Script Authorization & Validation - Provides a step-by-step process for merchants to review, approve, and manage scripts.
- Centralized Compliance Portal - A single interface for tracking script activity, ensuring alignment with PCI DSS 4.0.
- U.S.-Based Support - Expert guidance available to help businesses navigate security challenges.
By integrating Payment Script Monitor, IXOPAY and Aperia Compliance advance their mission to help merchants protect customers' payment data, prevent fraud, and stay PCI compliant with ease, following their merger in December 2024.
About Aperia Compliance
Aperia Compliance, an IXOPAY company, is a leader in Payment Card Industry (PCI) validation and risk management, providing PCI Level 3 and 4 compliance for ISOs, payment processors, and small and medium-sized businesses. Learn more
IXOPAY is a leading provider of enterprise-grade payment orchestration, helping businesses simplify, secure, and scale their payment systems. IXOPAY has orchestrated over $40 billion in transactions for customers in more than 30 countries. With a fully integrated platform, tokenization capabilities, and flexible payment optimization modules, IXOPAY enables enterprises to manage payments efficiently across multiple providers. Learn more at


Miami Herald
18-02-2025
Oleria Achieves PCI DSS 4.0, HIPAA and ISO Compliance, Demonstrating Commitment to Building the World's Most Trusted Identity Security Platform
Compliance Certifications Strengthen Oleria's Position as an Emerging Leader in Identity Security and Access Management
BELLEVUE, WASHINGTON / ACCESS Newswire / February 18, 2025 / Oleria, a visionary in identity security, today announced its successful achievement of PCI DSS 4.0, HIPAA, and ISO/IEC 27001, 27017, and 27018 compliance, further strengthening its ability to help enterprises manage and protect sensitive data while addressing the growing challenge of securing access and enforcing identity policies across fragmented IT environments. These certifications validate Oleria's commitment to building the world's most trusted identity security platform, ensuring organizations can meet the highest standards without sacrificing agility.
"Identity security is at the core of enterprise cybersecurity, yet traditional approaches to access management continue to expose organizations to risk," said Jim Alkove, CEO and co-founder of Oleria. "From day one, we built Oleria to deliver adaptive identity security that enterprises can trust. Achieving PCI DSS 4.0, HIPAA and ISO compliance on an accelerated timeline reflects our commitment to visibility, intelligence and control without compromising on Trust."
Bridging the Identity Security and Compliance Gap
With 80% of breaches involving compromised credentials and identity-targeted attacks rising 71% year-over-year, enterprises face mounting pressure to modernize access management while maintaining compliance. PCI DSS 4.0 enhances payment security through stronger authentication, and HIPAA mandates strict data safeguards - yet without a solid identity security foundation, organizations struggle to meet the letter and the spirit of these standards. Oleria provides security teams with the clarity and control needed to protect sensitive data and meet evolving regulatory mandates.
Rather than treating compliance as a checkbox, Oleria takes a secure-by-design approach to building its Trustfusion platform, which dramatically simplifies compliance readiness. By unifying identity governance, access posture management, and threat detection, Oleria empowers organizations to enforce least privilege, manage access dynamically, and mitigate risks across their SaaS, cloud, on-premise, and hybrid environments, securing all identities - human, non-human, and AI.
"Most startups wait years before prioritizing compliance, but we knew from the start that CISOs need solutions they can trust - without the guesswork," said Didier Vandenbroeck, VP Security and IT at Oleria. "We invested heavily in automation, enabling us to automate over 100 tests covering 80% of required controls, giving us the acceleration customers demand."
With PCI DSS 4.0, HIPAA, ISO and SOC-2 compliance, Oleria is quickly becoming the platform for enterprises who want to quickly strengthen identity security, reduce compliance burdens, and maintain continuous assurance in an increasingly complex regulatory landscape.
About Oleria
Oleria reimagines identity security, providing organizations with the clarity, intelligence, and control needed to secure access at an individual resource level. Built on the groundbreaking Trustfusion platform, Oleria delivers adaptive security solutions that keep pace with emerging threats and evolving compliance requirements. Founded by cybersecurity veterans and backed by top investors - including Evolution Equity Partners, Salesforce Ventures, Tapestry VC, and Zscaler - Oleria is setting a new standard for modern identity security. For more information, visit
Contact Information
David Henderson
PR & Communications Lead
david@
SOURCE: Oleria press release