
Paycorp achieves PCI compliance

The PCI Security Standards Council (SSC), an international organisation whose aim is to develop, maintain and manage PCI security standards, monitors compliance with the Payment Card Industry (PCI) Data Security Standards (DSS). This compliance has been awarded to Paycorp Holdings, a leading Southern African payments company, which becomes one of the first in the financial services industry to achieve such compliance.
Signing of the Attestation of Compliance for PCI on 13 October 2011 confirms Paycorp Holdings as one of the first in the industry to achieve full PCI compliance. Pictured here is Stephen Hochstadter (sitting), Paycorp Holdings’ Chief Operating Officer who oversaw the risk function, Natasja Jordaan as the Project Champion (standing front), Herman Schouwink (back left) Paycorp IT Executive who gave input and direction, and Quintin De Boer (back right) who advised on policies and documentation.

The global payment brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. founded the PCI SSC in 2006. Each payment brand regulates and validates implementation of and compliance with the PCI Security Standards with its industry partners, and is also responsible for enforcing penalties for non-compliance.

The council's fundamental objective is to continuously augment and distribute security standards whilst educating global organisations that process, transmit and store cardholder account data about data protection. The council provides valuable resources, tools and standards to a broad spectrum of industry players and security professionals associated with payment card data security.

South African security benefits

Paycorp Holdings and its three subsidiaries, ATM Solutions, DrawCard and EFTPOS, share a common platform, which is connected with the majority of Southern African banks and is active across all major payment streams. As a VISA third party processor and SARB authorised South African System Operator, adherence to and compliance with the requirements of PCI's DSS ensures that the group remains a credible and preferred third party processor.

PCI DSS compliance presents many benefits - it certifies that the group enforces information security best practices and reassures all its clients that payment card data is accepted and processed in a secure manner. Compliance is an ongoing requirement and an audit is conducted annually to ensure that compliance is maintained. A regular review of PCI standards, by the PCI Security Standards Council, ensures that improved data security measures are introduced for detection and prevention of fraud.

Intense assessment

As a third party processor, the group underwent an intensive assessment, implementation and alignment process over a two and a half year period and was certified as PCI DSS version 1.2.1 compliant on 12 October 2011.

Paycorp Holdings' Natasja Jordaan, programme manager for the project, explains, "The accurate interpretation of the PCI DSS requirements was crucial in achieving compliance. Segmenting our network and enforcing a standardised approach for sustainable processes introduced many challenges in mitigating impact to processes and systems, particularly because we have different payment streams, which include card acquiring at ATM and POS (Point-of-Sale), as well as card issuing. PCI compliance is now the standard for all new projects to ensure that new systems and processes remain aligned."

Visa's head of country risk management - Africa, Bryce Thorrold, adds, "Visa attaches tremendous value to its brand as well as its cardholders, and the knowledge that all parties involved in transaction processing are collecting data in a responsible manner provides Visa with peace of mind. Paycorp Holdings processes a large volume of our cards and, as one of the largest African payment processors, its security is a high priority for Visa. We truly appreciate the effort, which has been expended to reduce the threat landscape. With current compliance pressure on large merchants, they are seeking to use compliant service providers and processors going forward. Visa has set aggressive compliance targets for 2011 and thanks to efforts such as this, expected targets will be met."

Commenting on the overall benefits of being PCI compliant, Stephen Hochstadter, Paycorp Holdings' COO, who oversees the risk function, states that being able to securely process cardholder information and augment existing banking partnerships is highly rewarding.

"We understand the importance of data protection and that partnering with highly regulated counterparties such as the banking institutions, requires us to comply with best practices remaining a trusted partner. The fact that PCI compliance also ensures alignment to other industry standards such as ISO 27003, KING III, and CobiT is also advantageous. PCI DSS certification has propelled us into a new era of increased protection of customers' personal data as well as protection against financial losses that arise from security breaches giving Paycorp the ability to maintain customer trust and safeguard reputation."
