Symantec Announces Comprehensive Program to Address Payment Card Industry (PCI) Data Security Standard

Market Wire, March, 2006

Symantec Corp. (NASDAQ: SYMC) today announced Symantec PCI Services, a programmatic approach enabling organizations to meet the Payment Card Industry (PCI) Data Security Standard, reducing overall risk associated with payment card processing, and ensuring a more resilient infrastructure. These services help organizations identify and manage data security risks for merchants and service providers that manage credit cardholder data.

"The updated PCI specifications require organizations to implement significant security controls. Organizations should seek advice from partners who know how to design and implement practices required by the standard," said Andrew Jaquith, senior analyst, Yankee Group. "PCI also places increased liability on vendors who offer certification services. When choosing a security partner, companies should work with third parties who stand behind their work, and who are willing to take on the liability associated with certification."

The PCI Data Security Standard, endorsed by Visa, MasterCard International, and other card brands, requires merchants and service providers that store, process or transmit customer credit card data to adopt aggressive security controls and processes to ensure data integrity. Regular compliance reports by a certified third-party assessor are required to achieve compliance for merchants and service providers that handle a large number of transactions. Merchants and service providers that do not comply with the payment brand security requirements are subject to penalties or fines.

Symantec has met the standards set by Visa USA as a Qualified Data Security Company (QDSC) and assessments are performed by Symantec security consultants authorized by Visa as Qualified Data Security Professionals (QDSP). Symantec's vulnerability scanning methodology has also been approved by MasterCard International.

Symantec PCI Services include the following four critical offerings for merchants, service providers, and payment application vendors to help meet the PCI Security Standard:

--  Symantec(TM) PCI Security Audit Service: Offers an annual onsite
    security audit to validate the security posture of systems, processes, and
    procedures where cardholder data is retained, stored and transmitted, as
    outlined in the PCI Data Security Standard.
--  Symantec(TM) PCI Security Scanning Service: Enables organizations to
    meet PCI data security requirements by identifying and addressing high-risk
    vulnerabilities that could threaten the confidentiality or availability of
    cardholder data.
--  Symantec(TM) PCI Payment Application Best Practices Assessment:
    Provides payment application vendors with an independent third-party
    security assessment of their payment system against Visa USA's CISP Payment
    Application Best Practices.
--  Symantec(TM) PCI Compliance Readiness Review:  Helps organizations
    prepare for PCI compliance activity by providing expert advice and a gap
    analysis of existing client practices and by identifying potential
    deficiencies that could result in non-compliance with PCI standards.
    

"In the wake of a growing amount of litigation and regulatory activity related to security breaches and data loss, the PCI Data Security Standard is driving organizations to more seriously evaluate and strengthen their own security infrastructures," said Mark Perry, vice president, professional services, Americas, Symantec. "Symantec helps customers limit their overall risk by protecting the integrity of their data and millions of consumers can continue to conduct payment card transactions with the confidence that their information is protected."

At the conclusion of each Symantec PCI Compliance engagement, Symantec delivers a written report according to PCI guidelines and helps the client understand their security position. Symantec can also provide consultants to help an organization develop and implement remediation plans for non-compliance issues.

Symantec Security Consulting Services provide organizations with best-practice security measures through comprehensive assessments, planning, and design consultations, and are backed by Symantec's unparalleled research, methodologies, and consulting expertise.

Availability

Symantec PCI Services are currently available in the United States. To learn more, customers can visit www.symantec.com .

About Symantec

Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com .

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at www.symantec.com/news . All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.