We are delighted to announce that we have been awarded the first Certificate of Compliance PCI DSS Level 1, in East Africa. The Certificate, which is vital for companies that accept credit card payments online and off line, represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information.
“Payment Card Industry Data Security Standard (PCI DSS) is a standard developed by the major card brands and is intended to set a baseline in terms of the minimum controls to be in place to secure credit card data,” said Eran Feinstein, Managing Director, Direct Pay Online. “Complying with PCI DSS standard is mandatory for all entities storing, processing or transmitting credit card transactions. Being certified as the first company in East Africa PCI DSS Level 1 compliant is not only a most significant achievement, but also a necessary passport for us to be allowed to do business with other companies and banks. Recent security breaches, especially those involving credit card data, have made companies averse to doing business and sharing data with non-compliant entities.”
Initially created by aligning Visa's Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard's Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account data security process - including preventing, detecting and reacting to security incidents.
The PCI DSS Council encourages all businesses that process payments to comply with the standards to help lower the brand and financial risks associated with account payment data compromises.
“In most of the world, compliance is compulsory but not in East Africa, so it is a great honour to be the first company in the region to be awarded the top level certificate,” added Feinstein. “Compliance is an ongoing process, not a one time event. It helps preventing security breaches and theft of payment card data not just today, but in the future.”
Version 3 of the PCI DSS standard is expected to be rolled out at the end of the current year and one should expect to see new requirements addressing emerging technologies such as virtualisation and cloud computing. These subjects are currently problematic areas in terms of compliance as understanding and auditing such systems present many challenges.
The Certificate was awarded to Direct Pay Online by Kyte Consultants, a firm specialising in PCI DSS compliance and certification.