Debitsuccess again receives highest PCI DSS compliance rating
Debitsuccess, Australasia’s leading payment solutions company, has been accredited with the highest PCI DSS compliance rating (Level 1) for the fifth year running, maintaining its standing as an industry leader in data security for financial transactions.
The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognised commercial compliance standard for organisations that store, process or transmit credit cardholder information. Established in 2004 by five major international credit card companies, it represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information.
Roger Greyling, lead Qualified Security Assessor (QSA) for Foregenix, a global information security specialist, conducted the assessment for Debitsuccess and says the direct debit billing provider demonstrated an exceptional standard of maturity with regard to financial information security.
“Comprehensive compliance is not about satisfying a checklist. Structures and processes need to be adequately implemented and continually adapted. For Debitsuccess to attain Level 1 PCI DSS compliance for the past five years is a significant achievement.”
PCI DSS compliance is validated at four different levels, dependent on transaction volumes: companies at Levels 3 and 4 can self-assess, Level 2 can self-assess or be externally audited, and Level 1 must be externally assessed, with approximately 380 mandatory controls. These include building and maintaining a secure network, protecting cardholder data, regularly monitoring and testing networks, implementing data security awareness training with employees and maintaining an Information Security Policy.
Essentially, Level 1 compliant companies must have the policies, procedures, physical structures and technologies to ensure credit card information is protected. This process involves assessor visits to validate compliance and extensive external and internal penetration testing.
Brian Garrity, Debitsuccess Head of Group Compliance, says the company’s efforts to achieve Level 1 PCI DSS compliance are a clear demonstration of its ongoing commitment to the security of cardholder data.
“This achievement emphasises the significance we place on security measures and also the level of security maturity and awareness within our organisation. This demonstrates to our customers that we take our responsibility as a trusted credit card and direct debit billing provider seriously.”
PCI DSS compliance provides various advantages, from helping businesses respond to and mitigate potential data security breaches and cyber security attacks to assisting customers to become more efficient, which leads to an improved bottom line.
Debitsuccess is part of the Transaction Services Group (TSG), a leading global payment solutions provider with a presence in New Zealand, Australia, the United Kingdom and the United States.
The PCI DSS accreditation comes hot on the heels of Transaction Services Group being named in the 2015 Ernst & Young Ten Companies to Watch, as part of the Technology Investment Network (TIN).