Solidcore Locks Down Retail Devices to Ease PCI Compliance Verification

Assures System Integrity of Windows Embedded Point of Sale Devices, ATMs and Kiosks

CUPERTINO, Calif., June 30, 2008 — Solidcore® Systems, Inc., the leading provider of software to detect and prevent unwanted change, today introduced its S3 Control™ PCI Device edition, which enables retailers to achieve Payment Card Industry Data Security Standard (PCI DSS) compliance with reduced time and expense. The new solution eases the burden on merchants using Windows Embedded grocery, retail and hospitality systems to meet the PCI DSS requirements and to document compliance. The PCI Device edition also protects sensitive bank card data by prohibiting viruses and malware from penetrating point-of-sale (POS) terminals, servers, ATMs, and kiosks.

Device manufacturers and merchants have been in a difficult position of retrofitting fixed-function retail devices with more costly security applications that degrade device performance, such as anti-virus (AV) software. Solidcore addresses these challenges with its S3 Control PCI Device edition, which is a small footprint, low-overhead change prevention solution that runs transparently on Windows Embedded devices. The new solution provides the assurance for system integrity that the PCI standard demands by protecting against unauthorized software changes, malware and vulnerabilities. It reduces the labor-intensive task of verifying system integrity by providing reports measuring best practices for security configurations in accordance with the Center for Internet Security (CIS) benchmarks. These reports can be used for PCI self-assessments to ease the burden of validating PCI compliance on devices. These features and the CIS benchmark reporting helps position Solidcore as the best-suited solution for securing devices and providing the compensating control for PCI DSS anti-virus and file integrity monitoring.

"It has become essential for retailers to control access and ensure software integrity across the entire in-store electronic payments and POS environment," said Ray Carlin, executive vice president of sales and marketing for Retalix, and president and CEO of StoreNext Retail Technologies. "Solidcore has combined extremely effective lock-down protection with rapid deployment, and this enables our supermarket customers to protect data and sustain PCI compliance with reduced effort and cost."

Networked systems such as POS devices, ATMs and kiosks leverage Microsoft's powerful platforms such as Windows XP Embedded and Windows Embedded for Point of Service. The devices deployed to retail locations are often managed via the Microsoft System Center, and with Solidcore's S3 Control PCI Device edition, customers have the option of utilizing Microsoft System Center as an authorized change agent for applying new patches, policies or software packages to the device. This policy enforcement capability can deny all other update attempts outside of Microsoft System Center, including those attempts performed with local and physical access to the device. The flexibility enables changes coming from the device manufacturer, retail application vendor or retailer to be regulated while providing the highest degree of system integrity and reporting required to document PCI compliance.

"Windows Embedded operating systems combined with Solidcore's software and the Microsoft Systems Center allows device makers working through the rigors of PCI compliance to create smart, connected technologies," said Irena Andonova, marketing group product manager for the Windows Embedded Business. "This combination brings unparalleled value to retailers and gives our joint customers a more secure, interactive and differentiated solution for the most demanding retail environments."

"Most retailers have unwanted software, applications and code running on the same payment processing devices that are accepting credit cards on a daily basis," said Jim Sarale, vice president of embedded solutions for Solidcore. "Only by locking down devices with real-time change and runtime control can merchants be assured those systems are secure. Solidcore has proven itself as the standard for securing devices such as ATMs and point of sale systems, and with this new offering we are making it even easier and more cost-effective to assure PCI compliance on the device."

Solidcore's S3 Control PCI Device edition leverages patented technology with unmatched levels of device runtime and change control to deliver a high assurance of device integrity. The Solidcore solution provides benefits to retailers in the form of higher security and availability of in-store systems, while also leveraging the software to sustain and document compliance with the PCI DSS requirements. Device manufactures benefit from offering a more secure, out-of-the-box payment processing solution with enhanced software control, security and compliance. The manufacturers also benefit from the ability to reduce support costs associated with unauthorized changes to the operating system and applications on the device.

About Solidcore Systems
Solidcore is the leading provider of software to detect and prevent unwanted change. Organizations worldwide trust Solidcore's change control software to improve IT compliance, security and availability. Solidcore S3 Control easily automates PCI and SOX controls for compliance reporting, locks down critical systems to ensure only trusted applications run, and prevents change-related outages for improved service availability and accelerated ITIL adoption. Solidcore is headquartered in Cupertino, California. For more information, please visit www.solidcore.com.

Back to Press Releases