Paycorp achieves PCI compliance
Paycorp Holdings and its three subsidiaries: ATM Solutions; DrawCard and EFTPOS share a common platform which is connected with the majority of Southern African banks and is active across all major payment streams. As a VISA third party processor and SARB authorised South African System Operator, adherence to and compliance with the requirements of PCI’s Data Security Standard (DSS) ensures that Paycorp Holdings remains a credible and preferred third party processor.
PCI DSS compliance presents many benefits – it certifies that Paycorp Holdings enforces information security best practices and reassures all its clients that payment card data is accepted and processed in a secure manner. Compliance is an ongoing requirement and an audit is conducted annually to ensure that compliance is maintained. A regular review of PCI standards, by the PCI Security Standards Council, ensures that improved data security measures are introduced for detection and prevention of fraud.
As a third party processor, Paycorp Holdings underwent an intensive assessment, implementation and alignment process over a two and a half year period and was certified as PCI DSS version 1.2.1 compliant on 12 October 2011.
Paycorp Holdings’ Natasja Jordaan, Programme Manager for the project, explains: “The accurate interpretation of the PCI DSS requirements was crucial in achieving compliance. Segmenting our network and enforcing a standardised approach for sustainable processes introduced many challenges in mitigating impact to processes and systems, particularly because we have different payment streams which include card acquiring at ATM and POS (Point-of-Sale), as well as card issuing. PCI compliance is now the standard for all new projects to ensure that new systems and processes remain aligned. ” she says.
Visa’s Head of Country Risk Management – Africa, Bryce Thorrold, says: “Visa attaches tremendous value to its brand as well its cardholders and the knowledge that all parties involved in transaction processing are collecting data in a responsible manner, provides Visa with peace of mind. Paycorp Holdings processes a large volume of Visa cards and as one of the largest African payment processors, the security of Paycorp Holdings is a high priority for Visa. We truly appreciate the effort which has been expended to reduce the threat landscape. With current compliance pressure on large merchants, they are seeking to use compliant service providers and processors going forward. Visa has set aggressive compliance targets for 2011 and thanks to efforts such as Paycorp’s, expected targets will be met.”
Commenting on the overall benefits of being PCI compliant, Stephen Hochstadter, Paycorp Holdings’ Chief Operating Officer overseeing the risk function, states the fact that they can securely process cardholder information and augment existing banking partnerships is highly rewarding.
“We understand the importance of data protection and that partnering with highly regulated counterparties such as the banking institutions, requires us to comply with best practices remaining a trusted partner. The fact that PCI compliance also ensures alignment to other industry standards such as ISO 27003, KING III, and CobiT is also advantageous. PCI DSS certification has propelled us into a new era of increased protection of customers’ personal data as well as protection against financial losses that arise from security breaches giving Paycorp the ability to maintain customer trust and safeguard reputation.”