The Payments Association of SA (Pasa) announced that private credit card and banking details have been leaked during a breach at a company which processes online transactions for a number of large online merchants. PayU, Naspers-owned mobile and online payment service provider has confirmed that they are not the online payment service provider in question as they are PCI DSS compliant offering the protection and security of their merchants and customers card data.
Pasa CEO Walter Volke stated that the card data emanating from the online transactions were stored in a manner which does not meet the stringent security standards expected by Pasa, the international card schemes and the bank.
The PCI DSS is a set of comprehensive safety requirements that payment gateways need to comply with to ensure that all cardholder data is always stored, processed and transmitted securely. As a payment service provider that enables businesses to accept debit and credit card payments online, compliance with data security best practices is of the utmost importance for the company. PayU is one of few payment gateways in the country to have received this certification.
“These wide-ranging standards have been established due to the escalating statistics of stolen cardholder account data. This has resulted in merchants and financial institutions suffering fraud losses and has incurred unforeseen operational expenses, which has inconvenienced consumers significantly. Our system has been PCI DSS complaint for four years as we recognise the importance of taking measures to protect our merchants and customers,” comments Mark Chirnside, CEO of PayU.