From Wikipedia, the free encyclopedia
Jump to: navigation, search
Privately held
Founded Orem, Utah, U.S.
Headquarters Orem, Utah, United States
Area served
United States, United Kingdom, Canada
Key people
Brad Caldwell (CEO)
Blake Stevens (CFO)
John Bartholomew (VP of Sales)
Russ Stay (VP of Business Development)
Jon Clark (Dir. of Marketing)
Gary Glover (Dir. Security Assessment)
Dave Ellis (Dir. Forensic Investigations)[1]
Products PCI Focus
PANscan® Suite
SecurityMetrics Vision
SecurityMetrics Assurance
Incident Response
Penetration Testing
PA-DSS Assessment
Onsite PCI DSS Audit
Vulnerability Assessment
SecurityMetrics MobileScan
Revenue $18.9 million (2009)
Number of employees
Website SecurityMetrics

SecurityMetrics is a multinational merchant data security and compliance company headquartered in Orem, Utah.[2] The company is a Payment Card Industry (PCI) Data Security Standard (DSS) vendor, listed[3] as a Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), P2PE QSA, PCI Forensic Investigator (PFI) and Payment Application Qualified Security Assessor (PA-QSA) by the PCI Security Standards Council.[4] SecurityMetrics has working relationships with major payment processing companies and global acquiring banks such as Global Payments Inc, Sterling Payment Technologies, and FirstMerit Bank to provide PCI compliance and other security solutions to their merchants.[5] SecurityMetrics currently has the largest support staff in the PCI industry worldwide, fielding over 132,000 calls a month, and employs nearly 400 employees.[6]

SecurityMetrics has been an A+ accredited business through the Better Business Bureau (BBB) since May 2005.[7]

Product History[edit]

SecurityMetrics was founded in 2000 by Brad Caldwell with the goal to test website security.[8] In 2002, SecurityMetrics released its first vulnerability scanning appliance. In 2003 SecurityMetrics released its first hardware device with intrusion detection and vulnerability assessment technology, and conducted its first forensic investigation.

SecurityMetrics was officially named a QSA and ASV by the PCI Council in 2006,[9] and certified as a security assessor for all four major card associations in the United States: Visa, MasterCard, American Express, and Discover.

In 2008, SecurityMetrics hit the 1 million customer mark and in 2009 the company was officially named a PA-QSA by the PCI Council. In 2010 it released PANscan®,[10] a card data discovery tool. In 2011 the company released a network threat sensor called Vision.

In 2012, SecurityMetrics released a program intended to reduce business liability called SecurityMetrics Assurance[11] and its new PCI verification and testing program, PCI Focus.

In 2013, SecurityMetrics released a Health Insurance Portability and Accountability Act compliance assessment program[12] intended to assist covered entity healthcare organizations in complying with HIPAA Security and Omnibus Final Rule[13] regulations. In May the company also announced an iOS and Android [14][15] app called MobileScan [16] intended to scan payment processing phones and tablets for security vulnerabilities.


Security Metrics have been awarded several industry awards including multiple Stevie Awards for Sales and Customer Service,[17] and local Utah awards for business and entrepreneurship.


  1. ^ Management - SecurityMetrics (accessed 6 December 2012)
  2. ^ About Us - SecurityMetrics (accessed 6 December 2012)
  3. ^ PCI DSS Listed Qualified Security Assessors (accessed 27 September 2011)
  4. ^ Qualified Security Assessors (accessed 5 August 2010)
  5. ^ ISO Launches PCI Compliance Program, Sees Strong Interest Among Merchants (accessed 17 August 20100
  6. ^ Global Payments Inc. - PCI DSS Program (accessed 25 August 2010)
  7. ^ SecurityMetrics, Inc. -BBB (accessed 5 July 2011)
  8. ^ Orem, Utah open house speech, Brad Caldwell] (accessed 31 August 2011)
  9. ^ Company passes PCI SSC Approved Scanning Vendor (ASV) test (accessed 29 August 2012)
  10. ^ Despite PCI, a Scanning Tool Finds Widespread Storage of Unencrypted Data (accessed 29 August 2012)
  11. ^ SecurityMetrics Assurance Empowers Acquirers, ISOs to Operate Without Fear of Merchant Compromise (accessed 29 August 2012)
  12. ^ About SecurityMetrics HIPAA (accessed 29 August 2012)
  13. ^ HHS Omnibus Final Rule Press Release
  14. ^ iOS app (accessed 28 August 2013)
  15. ^ Android app (accessed 28 August 2013)
  16. ^ [1] (accessed 9 May 2013)
  17. ^ 2013 Stevie Award Winners (accessed 4 April 2013)

External links[edit]