Avangate Services - PCI DSS Certified

Customers benefit from payment account data protected under the highest Data Security Standard

Amstelveen, The Netherlands - June 23, 2009 - Avangate, full service provider of electronic software distribution and reseller management solutions for software vendors, today announced to have obtained for its services the Level 1 PCI DSS certification (Payment Card Industry Data Security Standard), the most important security standard for the card payment industry. The PCI DSS includes a set of comprehensive requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

"We have heavily invested along the years in the technical development of the Avangate solution and in constantly improving the security of the eCommerce platform, starting with our proprietary anti-fraud system to the physical security of the servers and disaster recovery procedures. The PCI DSS certification is a testimony of our efforts in ensuring the highest security standard for online software shops and especially for their clients, as card holders", stated Cristian Badea, Chief Information & Security Officer for Avangate.

The PCI DSS certification was granted to Avangate following a security audit by Endava UK, PCI DSS Qualified Security Assessor. David Feltham, Principal Information Assurance Consultant & Lead at Endava UK, explained: "PCI DSS requirements apply to all entities that store, process or transmit customer payment card data to adhere to information security controls and processes that ensure data integrity. The standard is a list of 12 requirements which involve both processing solution security and physical security of the data through different measures: from cardholder data encrypting to network monitoring and limitation of user access to private information. Such a multilateral approach becomes the only efficient means of preventing fraudulent operations in the payments industry. Today the adherence to PCI DSS is mandatory for banks, processing centers, financial organizations and merchants working with payment brands."

To ensure the continuous compliance with this standard, the Avangate platform, the operational center and the data center located in Amsterdam are audited by an accredited company on a yearly basis, while the Avangate systems are scanned daily to comply with internal and external security norms.

The PCI DSS was developed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., to help facilitate the broad adoption of consistent data security measures on a global basis. For further information on PCI DSS, please visit: www.pcisecuritystandards.org