Core Services Corporation is an award winning, Oracle Certified Partner and an Applications Hosting and Consulting Service Provider for Oracle E-Business Suite applications. Core provides customized and scalable solutions leveraging its broad range of application development capabilities and best of breed Oracle Applications implementation and hosting expertise, including recently adding PCI DSS compliance to its list of value-added offerings for its EBS clients. The PCI standard was developed by credit card companies to protect the privacy of client, payment card, and merchant data.

Several modules in the E-Business Suite of Oracle Applications store, process, and transmit credit card data. Such environments must comply with PCI DSS 1.1 while PA-DSS compliance is not applicable to EBS databases. "Core strongly recommends its payment processing clients be PCI DSS-compliant in view of the potential security risk and related litigation or penalties from clients and credit card companies," says Bimal Doshi, Vice President of Operations, Core Services. "Achieving industry best practices PCI compliance in securing network and payment data is in our clients' best interests."

PCI DSS is maintained by the PCI Security Standards Council, an open global forum for development and implementation of security standards for payment data protection (https://www.pcisecuritystandards.org). Version 1.1 of PCI DSS (Sept 2006) is the current version that specifies 12 requirements for compliance organized into six groups. Merchants need to comply with the DSS or face penalties per incidence of non-compliance. Version 1.2 of PCI DSS is due in October 2008 with this update primarily addressing new and evolving threats designed to increase cardholder data security.

Core's PCI DSS-compliant EBS hosting solution is specifically designed to address PCI DSS requirements such as structuring and maintaining a secure network, protecting cardholder data, maintaining a risk management program, implementing secure access control measures, continuously monitoring and testing networks, and maintaining an Information Security Policy.

Core's clients also have the benefit of a Core Project Service Delivery Manager (PSDM) who owns PCI compliance for clients. A detailed gap analysis initially is done to identify potential PCI DSS compliance weaknesses, which are then candidates for remediation. Additionally, since PCI DSS compliance is required on an-ongoing basis, the PSDM will facilitate the readiness planning necessary for impending audits, including providing a pre-assessment readiness review before the audit begins.

"Our highly qualified and experienced team of network engineers and security experts will advise on how to re-architect clients' networks to achieve segmentation between PCI and non-PCI systems and modify business processes and practices to meet PCI requirements," says Doshi.

With minor exceptions, EBS clients storing, processing, or transmitting cardholder data must comply with PCI DSS 1.1. Core Services adheres to best practices on Securing Oracle E-Business Suite Application products and has integrated the credit card encryption feature into its Information Security Policy, whereby the primary account number is centrally stored as encrypted data in the tables, independent of the source application, and is masked in the application. Core also "obfuscates" primary account numbers in non-Production instances.

PCI DSS compliance coverage is just one example of how Core Services ensures that its clients receive world-class services.

About Core Services Corporation:

Core Services Corporation, an Oracle Certified Partner, delivers Oracle-based business operations solutions and information systems and support to clients worldwide. Additionally, Core Services is authorized to sell and service Oracle E-Business Suite, leveraging Oracle Business Accelerators capability. Focused solely on Oracle Applications since 1990, Core Services offers Managed, Remote DBA, and Disaster Recovery services in addition to Oracle Consulting services for new implementations and upgrades. For more information about Core Services, visit our website at: http://www.coreservices.com.