In a world where 40% of CEOs globally consider information security one of the greatest risks to business, Altron unit ACS has become the first company in South Africa to offer retailers a PCI validated point-to-point encryption (P2PE) solution to protect consumer card data at point-of-sale.
ACS provides its clients with increasingly-enhanced security at a time when an ever-increasing number of consumers are seeing their bank accounts being emptied through fraud.
The Payment Card Industry Data Security Standard (PCI DSS), a widely accepted set of policies and procedures intended to optimise the security of card transactions and protect cardholders against the misuse of their personal information.
Attie van der Linde, GM of ACS, explains that ACS implemented the standard to protect cardholders.
ACS has been certified by the Payment Card Industry Security Standards Council (PCI SSC) for the sixth consecutive year, indicative of the value the company places on ensuring customer personal information is protected.
One of the PCI SSC’s latest security developments is Point-to-Point Encryption, or P2PE.
This ensures confidential card payment data is encrypted at the point the payment is taken using industry state of the art encryption processes, removing card data from a retailer’s network, which helps to better protect payments from the point of sale through to the bank.
“We adopted the guidelines published for P2PE and implemented the solution for retail customers. Our solution was assessed by Foregenix and the PCI P2PE Certification services were delivered by one of the industry’s leading Qualified Security Assessor teams. This makes ACS the first payment processor in South Africa and CEMEA to have a P2PE solution validated and listed by the PCI SSC,” says van der Linde.
“While each case is individual, and consumers could have fallen prey to a phishing scam, a card skimming device at an ATM, or even a hack, it’s vitally important to protect as many points of contact as possible,” says van der Linde.
“A key point of contact is the retailing environment, because consumers are quick to complain via social media and other channels if they think their personal information has been compromised, and their accounts cleaned out because of a retailer,” he adds. “Information security is increasingly seen as a strategic priority for retailers, because they acknowledge costs that can’t easily be counted, such as brand erosion and reputational damage.”
That’s why almost 100% of global CEOs surveyed in the Annual Global CEO Report by PwC Global consider information security vital to their organisation, with 40% considering it one of the greatest risks to their business in 2018. This percentage increased from 24% in 2017.
One way retailers can stay on top of InfoSec is to adhere to the PCI DSS guidelines.
The benefits of retailers adopting and using the validated P2PE solution from ACS are:
* Makes card data unreadable by unauthorised parties;
* “De-values” card data because it can’t be abused – even if stolen;
* Simplifies the retailer’s compliance with PCI DSS;
* The P2PE Self-Assessment Questionnaire includes only 26 PCI DSS requirements;
* Offers a powerful, flexible solution for all stakeholders to secure cardholder data.
Paolo Basilio, P2PE practice lead at Foregenix, says: “ACS accomplishing PCI P2PE compliance and obtaining the first PCI P2PE Solution listing in Africa is an important milestone for the South African economy and the fight against the point-of-sale breaches that have plagued this market in recent years. It proves that South African organisations are able to implement solutions that are world class and are equipped to protect merchants and retailers against an increasing hostile global threat landscape.
“ACS achieved certification in just seven months, an incredible feat as, given our extensive experience in the industry having listed more solutions than any other QSA company globally, some organisations take a number of years to achieve this milestone.”