Boston, MA
January 2005

Guarding Precious Cargo: The Evolving Function of Compliance Initiatives (CISP/SDP/PCI) in Protecting Cardholder Data


When the card associations publish directives, it is not an option for their members to ignore them.  The message from the associations is simple: turn your back on their mandates and pay the consequences.  Ignorance is, in these cases, far from bliss.

This research report complements prior research by Mercator Advisory Group with coverage of security initiatives that card associations are mandating for their members.  It is vital that stakeholders are aware of their responsibilities for preserving the integrity of not just their location, but the entire payments value chain.

Nick Holland, Director of the Emerging Technologies Advisory Service and co-author of the report, sees the compliance mandates as just the price of doing business electronically:

“It goes without saying that electronic transactions are here to stay. As consumers we are accustomed to the convenience, speed and security of card payments and expect them to be more convenient, faster and secure in the future.  For this to continue, we need to have the utmost confidence in the integrity of electronic transaction networks…”

Highlights of the report include…

  • Details of the CISP, SDP, and PCI card association security compliance mandates for merchants and service providers

  • A summary of the products and services of five of the large security compliance vendors operating in the US: Ambiron, SecurityMetrics, TrustWave, Verisign and Ubizen

  • A discussion of the choice of compliance vendor for the acquirers in the US

  • An assessment of the consequences of not participating in card association security compliance mandates

  • An evaluation of the future of security compliance, focusing on new technologies and emerging trends in the security compliance marketplace

Sample Exhibit From the Report

Holland sees participation in the programs as essential for all stakeholders in e-payments…

“Security compliance mandates form the insurance policy for maintaining consumer confidence now and tomorrow and should be considered a basic requirement for participating in electronic transactions, whether you are a merchant, acquirer, processor, or any other member of the chain.  To not do so, one runs the risk of poisoning the well not just for your own institution and your clients but for your peers and the industry as a whole…”

The report contains 4 exhibits and is 21 pages.

Members of Mercator Advisory Group have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access and other membership benefits. Please visit us online at

For more information call Mercator Advisory Group’s main line: 508-845-5400 or send email to