"End-to-End" Solution Simplifies PCI Compliance for Small Merchants, Acquirers and ISOs

Mercantec, a global provider of e-commerce solutions to small and mid-sized businesses, and Ambiron, a leader in data security and compliance services in the payment industry, have announced the successful development and testing of PCI SecureSiteÔ , an integrated e-commerce compliance solution that secures merchant transactions at every critical juncture - from the web hosting provider to the shopping cart to the payment gateway. Ambiron and Mercantec have submitted a formal report to Visa USA for validation of the solution as the industry's first official "end-to-end" compliance solution.

Bank and ISO Benefits
For acquiring banks and Independent Sales Organizations (ISOs) who underwrite and mange thousands of merchants, the integrated solution provides assurance that their merchants and service providers are operating in a manner consistent with the industry data security standards, thereby reducing the risk of fraud among their merchant population.

Merchant Benefits
For small merchants - Payment Card Industry (PCI) Level 3 and Level 4 merchants - who adopt the integrated solution for the transaction process, their compliance with card association data security standards would be automatically validated. As a result, the risk of unauthorized access to cardholder data they process, store and or transmit would be significantly reduced along with the risk that they will be fined for non-compliance with industry data security standards.

"Banks and ISOs can finally leverage the full potential of Internet e-commerce" said Bill Tait, founder and CEO of Mercantec. "Merchant account providers can feel confident when recommending an e-commerce solution to their merchants, because all of the moving parts have been securely assembled and integrated based on the PCI specifications."

"As the first integrated, end-to-end solution, PCI SecureSite will simplify the compliance process for acquirers, ISOs, service providers and merchants enabling all components of the transaction supply chain to leverage industry best practices for the protection of credit cardholder data," said Andy Bokor, chief operating officer of Ambiron.

Solution Overview
PCI SecureSite is comprised of four distinct components: Shared Web Hosting, Storefront Software Application/Shopping Cart, Payment Gateway, and Qualified Security Assessor and Scanning.

• WebXess (Shared Web Hosting) - WebXess provides infrastructure that hosts the storefront software application. For the integrated solution, WebXess is responsible for all physical security, provisioning, access controls to their servers, server configurations and device management. In addition, WebXess is responsible for ensuring that the e-commerce software application is implemented in accordance with Mercantec's instructions, and in a manner that supports compliance with the PCI.
• Mercantec (Storefront Software Application/Shopping Cart) - Mercantec's PowerCommerce 2005 is the storefront software and shopping cart element of the integrated solution. It has been validated by Visa USA as an approved application in conjunction with Visa's Payment Application Best Practices (PABP) standard. Mercantec is also responsible for ensuring that their PowerCommerce 2005 is securely and seamlessly integrated with compliant payment gateways.
• Authorize.Net (Payment Gateway) - Authorize.Net (Payment Gateway) - Authorize.Net provides Internet Protocol (IP) based payment gateway solutions-enabling merchants to authorize, settle and manage electronic transaction--for the integrated compliance solution. Authorize.Net has been validated for compliance with Visa USA's Cardholder Information Security Program (CISP).
• Ambiron (Qualified Security Assessor) - Ambiron has been engaged as the Qualified Security Assessor (QSA) to validate the compliance of the Integrated Compliance Solution. Ambiron's responsibilities include assessing the integration of the component parts, conducting physical and technological assessments consistent with the PCI auditing procedures, and conducting monthly Vital SignsÔ security scans as required by the PCI. Ambiron is a QSA for all the card associations.

More information on the PCI SecureSite end-to-end compliance solution and related partnership programs can be found at www.pcisecuresite.com.

About Mercantec, Inc. (www.mercantec.com)
One of the Internet's e-commerce pioneers, Mercantec serves small and medium-sized businesses from its headquarters in Chicago. Established in 1995, Mercantec has a long history of providing easy, complete, and secure web site building and online storefront solutions. Today, Mercantec has over 70,000 customer installations worldwide through industry-leading web hosting firms, site designers, Internet service providers, and telecommunications companies. For additional information, please visit www.mercantec.com or call 630-305-3200.

About Ambiron (www.ambiron.net)
Ambiron provides data security and compliance services to businesses that process, store and/or transmit credit card data. For banks, merchants and service providers, Ambiron mitigates risk by validating compliance with the Payment Card Industry Data Security Standard, which covers the information security requirements of American Express, Discover, MasterCard, Visa Canada and Visa USA. Ambiron serves more than 25,000 clients including financial organizations, global electronic exchanges, educational institutions, and business services firms. Headquartered in Chicago with offices throughout the United States, Ambiron's staff is composed of network and data security professionals who have substantial experience in delivering services to large and mid-sized companies.

Ambiron, a TrustWave Holdings Corporation, was formed in March 2005, as a result of the merger between TrustWave Corporation and Ambiron, LLC. The combined company operates under the Ambiron name to market services to business in the payment card industry.

About Authorize.Net (www.authorize.net)
Authorize.Net provides secure, reliable, Internet Protocol (IP)-based payment gateway solutions that enable merchants to authorize, settle and manage electronic transactions anytime, anywhere, via Web sites,
retail, mail order/telephone order (MOTO) call centers and on wireless devices. Authorize.Net is sold through an extensive network of reseller partners and leading financial institutions that offer its industry-leading payment services to their merchant customers. Authorize.Net is a service of Lightbridge Inc (Nasdaq: LTBG).

About Lightbridge
Lightbridge, Inc. (NASDAQ:LTBG) is a leading analytics, decisioning and e-commerce company that businesses trust to manage customer transactions. Lightbridge adds value to fraud screening, credit qualification, payment authorization, billing, and enhanced voice and data services. Lightbridge solutions leverage intelligent automated systems and human expertise delivered primarily through the efficiencies and cost savings of an outsourced business model. Businesses around the world use Lightbridge to make smarter decisions, deliver better services, provide secure payments, reduce costs and enhance the lifetime value of their customers. For more information, visit www.lightbridge.com or call 800-LIGHTBR.

About WebXess, Inc. (www.webxess.net)
WebXess, Inc. (also known as Webii.net) was established in 1996 with the mission of bringing high-quality web hosting services to individuals and small to medium-sized businesses in Austin, Texas, and around the world. The company has seen extensive growth in web hosting, custom web development, domain name registration, and Internet-related consulting. As one of the first and most experienced hosting providers, WebXess provides its award-winning customer service to businesses all over the world. More information can be found at www.webxess.net