After an extensive project undertaken over a period of 18 months in conjunction with Trustwave, Ecentric is pleased to announce that it is the first Level 1 Service Provider to be granted Payment Card Industry Data Security Standard (PCI DSS) compliance status by Visa in Southern Africa. A Level 1 Service Provider is defined as any Service Provider who processes more than six million EFT transactions annually.
Ecentric engaged with Trustwave, a leading Visa/MasterCard Qualified Security Assessor (QSA), in January 2007 to assist it in achieving the necessary compliance. This certification is a pre-requisite for all financial organisations, merchants and service providers who process electronic fund transfers. The certification is administered by the PCI Security Standards Council an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including MasterCard, Visa, American Express, Discover Financial Services and JCB International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The project was completed in July 2008 after a thorough audit was conducted by a Senior Consultant from Trustwave Europe. Merchants who use the EFT switching capabilities provided by Ecentric can be assured that the processing and protection of sensitive cardholder data meets the strictest requirements laid down by the international card issuers. In addition the individual cardholder can be guaranteed that his personal banking information is secure and protected at all times throughout the transaction switching and settlement process.
Ecentric currently provides EFT switching services to a number of major Southern African retailers and merchants, and transacts on their behalf with all the major banking entities. After the recent card fraud problems experienced by retail groups in the USA, it is imperative that both merchants and cardholders ensure that their data is being protected in the most stringent manner. By entrusting these services to a PCI DSS certified service provider you are eliminating the majority of the risks associated with bank card fraud and potential charge-backs.
The PCI DSS compliant solutions offered as standard by Ecentric, ensure that as much compliancy is built into the switching infrastructure from inception with the objective of making the merchants implementation more secure and their own PCI DSS certification procedure more easily attainable when they go through the process themselves.