Debitsuccess, Australasia’s leading payment solutions company, has been accredited with the highest PCI DSS compliance rating (Level 1) for the fourth year running, maintaining its standing as an industry leader in data security for financial transactions.
The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognised commercial compliance standard for organisations that store, process or transmit credit cardholder information. Established in 2004 by five major international credit card companies, it represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information.
Roger Greyling, lead Qualified Security Assessor (QSA) for Security-Assessment.com, conducted the assessment for Debitsuccess and says the direct debit billing provider demonstrated a rarely seen level of maturity with regard to financial information security.
“Some organisations attempt to achieve compliance by satisfying a checklist, but they can’t maintain this as the structures and processes required to continually adapt have not been adequately implemented. For Debitsuccess to attain Level 1 PCI DSS compliance for the past four years is a significant achievement.”
PCI DSS compliance is validated at four different levels, dependent on transaction volumes: companies at Levels 3 and 4 can self-assess, Level 2 can self-assess or be externally audited, and Level 1 must be externally assessed, with approximately 250 mandatory controls. These include building and maintaining a secure network, protecting cardholder data, regularly monitoring and testing networks, implementing data security awareness training with employees and maintaining an Information Security Policy.
Essentially, Level 1 compliant companies must have the policies, procedures, physical structures and technologies to ensure credit card information is protected. This process involves assessor visits to validate compliance and extensive external and internal penetration testing.
Brian Garrity, Debitsuccess Head of Group Compliance, says the company’s efforts to achieve Level 1 PCI DSS compliance are a clear demonstration of its ongoing commitment to the security of cardholder data.
“This achievement underscores the significance we place on security measures and also the level of security maturity and awareness within our organisation. This illustrates to our customers that we take our responsibility as a trusted credit card and direct debit billing provider seriously.”
PCI DSS compliance provides various advantages, from helping businesses respond to and mitigate potential data security breaches and cyber security attacks, to assisting customers to become more efficient, which leads to an improved bottom line.
Debitsuccess is part of the Transaction Services Group (TSG), a leading global payment solutions provider with a presence in Australasia and the United Kingdom. TSG recently announced its expansion into the United States, with the establishment of a Debitsuccess operation in San Francisco.
The PCI DSS accreditation comes hot on the heels of Transaction Services Group placing 39th in the Technology Investment Network’s TIN100 list, making it one of New Zealand’s top 40 most successful, globally focused technology businesses in 2014.