News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Paycorp achieves PCI compliance

The PCI Security Standards Council (SSC), an international organisation whose aim is to develop, maintain and manage PCI security standards, monitors compliance to Payment Card Industry (PCI) Data Security Standards (DSS). This compliance has been awarded to Paycorp Holdings, a leading Southern African payments company, which becomes one of the first in the financial services industry to achieve such compliance.
Signing of the Attestation of Compliance for PCI on 13 October 2011 confirms Paycorp Holdings as one of the first in the industry to achieve full PCI compliance. Pictured here is Stephen Hochstadter (sitting), Paycorp Holdings’ Chief Operating Officer who oversaw the risk function, Natasja Jordaan as the Project Champion (standing front), Herman Schouwink (back left) Paycorp IT Executive who gave input and direction, and Quintin De Boer (back right) who advised on policies and documentation.
Signing of the Attestation of Compliance for PCI on 13 October 2011 confirms Paycorp Holdings as one of the first in the industry to achieve full PCI compliance. Pictured here is Stephen Hochstadter (sitting), Paycorp Holdings’ Chief Operating Officer who oversaw the risk function, Natasja Jordaan as the Project Champion (standing front), Herman Schouwink (back left) Paycorp IT Executive who gave input and direction, and Quintin De Boer (back right) who advised on policies and documentation.

The global payment brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. founded the PCI SSC in 2006 and each payment brand regulates and validates implementation and compliance of the PCI Security Standards with their industry partners whilst also being responsible for the enforcement of penalties for non-compliance.

Its fundamental objective is to continuously augment and distribute security standards whilst educating global organisations that process, transmit and store cardholder account data, about data protection. The council provides valuable resources, tools and standards to a broad spectrum of industry players and security professionals associated with payment card data security.

South African security benefits

Paycorp Holdings and its three subsidiaries, ATM Solutions, DrawCard and EFTPOS, share a common platform, which is connected with the majority of Southern African banks and is active across all major payment streams. As a VISA third party processor and SARB authorised South African System Operator, adherence to and compliance with the requirements of PCI's DSS ensures that the group remains a credible and preferred third party processor.

PCI DSS compliance presents many benefits - it certifies that the group enforces information security best practices and reassures all its clients that payment card data is accepted and processed in a secure manner. Compliance is an ongoing requirement and an audit is conducted annually to ensure that compliance is maintained. A regular review of PCI standards, by the PCI Security Standards Council, ensures that improved data security measures are introduced for detection and prevention of fraud.

Intense assessment

As a third party processor, the group underwent an intensive assessment, implementation and alignment process over a two and a half year period and was certified as PCI DSS version 1.2.1 compliant on 12 October 2011.

Paycorp Holdings' Natasja Jordaan, programme manager for the project, explains, "The accurate interpretation of the PCI DSS requirements was crucial in achieving compliance. Segmenting our network and enforcing a standardised approach for sustainable processes introduced many challenges in mitigating impact to processes and systems, particularly because we have different payment streams, which include card acquiring at ATM and POS (Point-of-Sale), as well as card issuing. PCI compliance is now the standard for all new projects to ensure that new systems and processes remain aligned."

Visa's head of country risk management - Africa, Bryce Thorrold, adds, "Visa attaches tremendous value to its brand as well its cardholders and the knowledge that all parties involved in transaction processing are collecting data in a responsible manner, provides Visa with peace of mind. Paycorp Holdings processes a large volume of our cards and, as one of the largest African payment processors, its security is a high priority for Visa. We truly appreciate the effort, which has been expended to reduce the threat landscape. With current compliance pressure on large merchants, they are seeking to use compliant service providers and processors going forward. Visa has set aggressive compliance targets for 2011 and thanks to efforts such as this, expected targets will be met."

Commenting on the overall benefits of being PCI compliant, Stephen Hochstadter, Paycorp Holdings' COO, overseeing the risk function, states the fact that they can securely process cardholder information and augment existing banking partnerships is highly rewarding.

"We understand the importance of data protection and that partnering with highly regulated counterparties such as the banking institutions, requires us to comply with best practices remaining a trusted partner. The fact that PCI compliance also ensures alignment to other industry standards such as ISO 27003, KING III, and CobiT is also advantageous. PCI DSS certification has propelled us into a new era of increased protection of customers' personal data as well as protection against financial losses that arise from security breaches giving Paycorp the ability to maintain customer trust and safeguard reputation."

Let's do Biz