Payment services provider PayGate has been certified compliant with the security standards of the Global Payment Card Industry (PCI) Security Standards Council, MD Peter Harvey has confirmed.
“The PCI certification is a comprehensive best practice standard for managing any business that comes into contact with credit card information,” says Harvey. “As a payment gateway provider for online retailers, airlines and other e-commerce businesses throughout Africa, it is essential that we comply with the highest standards of security in the industry.”
Harvey says PayGate has had to show evidence that hundreds of controls are in place, covering everything from the physical security of its offices and data centre, through staff training and supplier agreements to firewalls, intrusion detection and file integrity management.
“PCI compliance means that any credit card information we handle on behalf of our clients and their customers is protected by multiple layers of security,” says Harvey. “In addition to the anti-virus and firewall protection customers would expect, all sensitive information is encrypted.
Harvey adds that many payment gateways are likely to find compliance particularly onerous: “The standard defines bank-level security,” he says. “Currently only a handful of South African businesses are certified, but we believe that this will rapidly become a basic requirement for doing business. Every merchant should be asking if their gateway is PCI compliant – and if not, when they will become so. The process takes at least 18 months of serious effort.”