Galix Networking (Galix), specialist in the design, implementation and management of communications and security infrastructure, is proud to announce its certification as an accredited Payment Card Industry (PCI) Quality Security Assessor (QSA) partner as of 20 March 2012. Galix joins the ranks of just nine QSA companies licensed to operate in Africa, and is one of only five QSA organisations with offices in South Africa and a local presence.
The PCI Security Standards Council (SSC) offers robust and comprehensive standards and supporting materials to enhance payment card data security. QSA companies are organisations that have been qualified by the Council to assess compliance to the PCI Data Security Standard (DSS). PCI DSS is aimed at enhancing security in the payment card industry, and forms a cornerstone in the fight against payment card fraud and theft. The standard outlines an actionable framework and best practice including prevention, detection and appropriate reaction to security incidents.
PCI DSS compliance
Any business, merchant or service provider that accepts credit cards, either online or offline, needs to be compliant with the DSS. Service providers including payment gateways, online retailers and any third parties involved in the storage and/or processing of card holder data must be audited by a QSA. Level one and two merchants, defined by the payment card brands according to the number of transactions processed per month, also require external auditing.
“There are many organisations that need to be compliant, which involves security management, policies, procedures, network architecture, software design and other critical protective measures amongst other aspects. The challenge is in knowing where to start with such a project. It is vital to understand what is within the scope and what is not, but this is easier said than done. In order to do this you need to know how cardholder data travels throughout systems, and identify every single system component that is involved in storing, processing or transmitting data,” says Simeon Tassev, Managing Director of Galix Networking.
PCI DSS compliance involves a comprehensive checklist of twelve requirements, including building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks and maintaining an information security policy. Each of these processes has several steps that should be followed, and under each of these steps are multiple criteria that need to be met for compliance.
“Another challenge is the fact that there are no degrees of compliance. If organisations do not meet each and every criterion on the checklist, they will not be considered compliant. This is a complex process which often requires skilled assistance. As experts in the security field prior to our certification, and with a level 2 Broad Based Black Economic Empowerment (BBBEE) rating, we are now perfectly positioned to assist merchants, service providers and third party suppliers in South Africa with ensuring that they are PCI DSS compliant,” says Tassev.
Achieving Qualified Security Assessor status
QSAs are organisations that have been certified by the PCI Security Standards Council to validate an entity’s adherence to the PCI DSS. This is an in-depth program for security companies and involves on-going reassessment and training to ensure that the highest standards are maintained. All certified organisations must meet stringent criteria according to internal practices, experience and certifications.
“To become an accredited PCI QSA partner involves dedication, time and effort with a minimum investment of two years before certification can be achieved. Organisations have to attend a number of training sessions, submit extensive documentation and maintain a certain level of training from the PCI and approved vendors on an annual basis,” says Tassev.
“Having applied for the first time to join the program in February 2011, our documents were approved in October after which we attended our final training in February and received our official status on 20 March,” he adds.
Opening up new avenues of business
As a PCI QSA partner, Galix is now one of only a few hundred organisations in the world certified to conduct these assessments. Of these organisations, just nine operate in Africa, with only five having offices locally. This enables Galix to service new markets in South Africa and into the African continent, with the benefit of local experience, a local presence and a top level BBBEE rating.
“Being a security specialist with this type of endorsement puts us in the league of only a handful of companies in the world. This gives us excellent credibility not only in this new avenue of business but in our existing market as well, and helps us to take our organisation to the next level. As a certified PCI QSA partner we have an enhanced image and a greater competitive edge,” Tassev concludes.
For more information on the PCI Security Council and the DSS visit: