
nCipher Helps MonsterCommerce Meet New Credit Card Security Standards; Payment Card Industry Data Security Standard Specifies the Use of Encryption to Protect Card Numbers in Databases and a Secure Means to Store and Manage Secret Cryptographic Keys

Business Wire, June 28, 2005

CAMBRIDGE, England & BELLEVILLE, Ill. -- nCipher plc (LSE:NCH), a leading provider of cryptographic IT security solutions, today announced that MonsterCommerce, Inc., a single-source, hosted e-commerce solutions provider to more than 5,000 companies, is using nCipher's nShield(TM) Hardware Security Modules (HSMs) and Security World(TM) key management technology to meet the June 30 deadline for compliance with the Payment Card Industry (PCI) Data Security Standard.

The PCI standard sets out 12 security criteria with which enterprises handling credit card data must comply. Organizations that accept credit card payments or process credit card transactions and that handle up to 6 million credit card transactions annually have until June 30 to comply. Organizations that do not comply and subsequently suffer a security breach involving credit card data could face fines of up to $500,000 and restrictions on or the loss of their right to process credit card transactions.

In addition to requiring the adoption of traditional perimeter-style security defenses involving firewalls and anti-virus software, the PCI standards place significant emphasis on the protection of credit card data as it is handled within the organization itself. In order to provide protection for stored data and to strengthen access controls, organizations are adopting cryptographic security techniques such as encryption and applying them to company databases.

"Compliance with the standard specifies the use of encryption for stored data and furthermore it requires the use of dedicated key management equipment and systems to add the appropriate level of security," said Nigel Tranter, a partner at Payment Software Co., a payment systems consultancy and software solutions developer based in San Jose, Calif., that is certified to conduct PCI compliance audits. "Without an HSM for key management in your network, it would be extremely difficult to be in compliance with the PCI key management requirements."

MonsterCommerce provides turn-key, hosted e-commerce systems to more than 5,000 customers, including John Deere and Car and Driver Magazine. Therefore, making sure that credit card data remains secure is a top priority. Encryption provides a mechanism to protect the data but creates the new challenge of how to securely manage the encryption keys, particularly in mission-critical systems that require sophisticated failover and disaster recovery capabilities.

"We want to provide the highest level of security to our clients and their customers," said Jennifer Heil, chief technical officer at MonsterCommerce. "We have always encrypted credit card numbers anywhere they are stored in our network, no matter how brief the period of time they may reside there. Deploying nCipher's nShield HSMs to protect the encryption keys and to provide a secure platform from which to manage these keys takes us one step further in protecting sensitive data and is extremely important to our compliance with the PCI standard."

nCipher's line of HSMs and encryption solutions provides a tamper-resistant hardware environment for the management of cryptographic keys and protection of sensitive data and applications. Independently certified to FIPS 140-2 level 3, the de facto security benchmark for cryptographic modules, these products can be deployed rapidly to protect a host of commercial applications, databases and server platforms and can also be integrated with tailor-made cryptographic applications, creating a trusted hardware platform for critical security processes.

"For organizations working to comply with the PCI standard, nCipher provides the highest level of security, scalability and flexibility to protect sensitive data through our market leading HSMs, such as netHSM(TM) and nShield, to securely manage cryptographic keys and where appropriate our SecureDB(TM) database encryption product," said Jeff Montgomery, product manager for data encryption at nCipher. "Through its deployment of nShield HSMs, MonsterCommerce has signaled its strong commitment to iron-clad information security."

Approaches to securing data at rest for PCI compliance

Companies seeking to comply with the PCI data protection standards have a number of choices. These choices range from designing systems to utilize the embedded software encryption capabilities found in certain database products to integrating HSM support into database applications, for example by using nCipher's encryption toolkits. Alternatively, companies wishing to avoid custom development work can consider commercial database encryption products such as nCipher's SecureDB. nCipher provides the flexibility to enable its customers to adapt as their requirements change without sacrificing security.

About MonsterCommerce

MonsterCommerce, Inc. is a single-source e-commerce provider offering e-business clients the components needed to sell successfully online: e-commerce store building tools, design services, merchant accounts, and web site promotion services. Since 1998, MonsterCommerce, Inc. has provided e-commerce services to thousands of e-commerce businesses. MonsterCommerce, Inc. services can be located through its web site: www.monstercommerce.com.

 


Content provided in partnership with Thompson Gale