Affinion Achieves Highest Security Standards For Online Billing, Information Security...

Affinion Achieves Highest Security Standards For Online Billing, Information
Security Management

Global Marketer Attains World-Class PCI DSS and ISO Credentials 

NORWALK, Conn., April 20 /PRNewswire/ -- Affinion Group, a global leader in
customer engagement solutions and provider of programs that enhance and extend
the relationship of millions of consumers for financial service, retail and
e-commerce companies, has been awarded the Payment Card Industry (PCI) Data
Security Standards (DSS) Level 1 compliance certification, the highest level
of security standards for billing transactions in North America and the United
Kingdom.

This achievement adds to the company's growing list of prestigious security
certifications, including the ISO 27001 for Information Security Management
and Cybertrust Enterprise Certification. Affinion's Cybertrust and ISO
designations make it one of only 85 companies in the United States carrying
these leading-edge credentials, and the company is the only affinity marketer
with the ISO designation.

The PCI DSS certification is the highest security standard and recognizes that
the company provides its customers with the most stringent security standards
in the credit card industry.  Affinion, which has been PCI compliant since
that measurement's inception in 2004, now also joins a select group of
companies with the Level 1 PCI DSS compliance.

"Achieving the highest level of PCI DSS certification reinforces Affinion's
longstanding commitment to leadership in information protection as we
continuously seek to raise the bar for these practices in our industry," said
Robert G. Rooney, executive vice president and chief operating officer of
Affinion Group.  "We place the utmost priority on the protection of our
customers and our clients, and taking this extra step demonstrates how
important this is to us."

PCI DSS certification signifies that a company has implemented an information
security management system that meets the most stringent security standards.

"Receiving this certification signals to the world that we proactively make
information security a top business and management priority," said Scott
vonFischer, chief information security officer for Affinion.  "By adopting the
highest security standards in the industry we are leading the way as a
world-class data security company for our clients, customers and partners."

The PCI DSS certification is an ongoing process, and Affinion will continually
strive to meet the rigorous standards as the industry evolves in the future. 
PCI DSS compliance and other security measures will protect Affinion clients
and customers against lost transactions and financial penalties generated from
credit card fraud, ID theft, breaches, Internet viruses and more.

PCI DSS is defined as:
    --  A set of comprehensive requirements for enhancing payment account data
        security, which were developed by the founding payment brands of the
PCI
        Security Standards Council, including American Express, Discover
        Financial Services, JCB International, MasterCard and Visa, to help
        facilitate the broad adoption of consistent data security measures on
a
        global basis.(1)
    --  A multifaceted security standard that includes requirements for
security
        management, policies, procedures, network architecture, software
design
        and other critical protective measures. This comprehensive standard is
        intended to help organizations proactively protect customer account
        data.
    --  Governed by the PCI Security Standards Council, composed of
        representatives from the founding payment brands.



Key attributes of the PCI DSS include:
    --  Building and maintaining a vulnerability management program that
        incorporates and updates next generation anti-virus software, secure
        systems and applications.
    --  Implementing strong access control measures such as restricting access
        to cardholder data, assigning a unique encrypted ID to each employee
        with computer access and restricting physical access to cardholder
data.
    --  Monitoring and testing of all networks, security systems and
processes.
    --  Maintaining a strict information security policy for employees,
vendors
        and contractors.



As Affinion continues to position itself on the leading-edge of information
security in the direct marketing industry, the company has established a solid
foundation to build best practices in data protection in 2009 and beyond.  A
key priority in maintaining the highest standards of privacy is to work
closely with current and future partners to insure that all information --
either supplied or created through product development -- is treated with the
utmost confidentiality, integrity and protection.  As part of this commitment,
Affinion will leverage its comprehensive risk management strategies in the
design, implementation and maintenance of an advanced information security
management system.

Affinion is also dedicated to complying with all regulatory, voluntary and
corporate standards, while establishing consistent policies that support its
industry-leading information security position around the globe.

About Affinion Group 
As a global leader with nearly 35 years of experience, Affinion Group
(www.affinion.com) enhances the value of its partners' customer relationships
by developing and marketing valuable loyalty, membership, checking account,
insurance and other compelling products and services. Leveraging its expertise
in product development and targeted marketing, Affinion provides comprehensive
customer engagement and loyalty solutions that enhance or extend the
relationship of millions of customers with many of the largest and most
respected companies in the world, while helping to generate significant
incremental revenue for more than 5,500 affinity partners worldwide, including
many of the largest and most respected companies in financial services,
retail, travel, and Internet commerce. Based in Norwalk, Conn., the company
has approximately 3,000 employees throughout the United States and in 14
countries across Europe. Affinion holds the prestigious ISO 27001
certification for the highest information security practices, is PCI compliant
and Cybertrust certified.

(1) http://www.pcisecuritystandards.org/

SOURCE  Affinion Group

James Hart of Affinion, +1-203-956-8746, jhart@affiniongroup.com