Alarming statistics released recently by the South African Banking Risk Information Centre (SABRIC) indicate that banking and card fraud is on the rise, resulting in losses to the industry of R454-million in 2014 alone. Against this backdrop, Altech Card Solutions’ (ACS) renewal of its PCI DSS V3 certification puts ACS at the forefront of card fraud prevention.
According to Verizon, a global leader in wireless telecommunications, cyber-attacks are becoming increasingly sophisticated, but many criminals still rely on techniques such as phishing and hacking to steal and utilise the personal information of cardholders. This has made it an operational and strategic imperative for organisations such as ACS to be sufficiently equipped to safeguard its customers’ cardholders against fraud.
The Payment Card Industry Data Security Standard (PCI DSS) certification is a protective measure to optimise the security of credit and debit card transactions and protect cardholders against the misuse and abuse of personal information.
As one of South Africa’s leading providers of payment acceptance terminals, card personalisation and financial transaction services, ACS has supplied payment terminals to the banking and retail industries since 1993 and undertakes regular internal policy and procedure audits to ensure the company is able to mitigate the level of fraud attempted against its customers.
The PCI Security Standards Council was launched in 2006 by the five founding global payment brands; American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. and is a requirement for all payment solutions providers, says Attie van der Linde, GM: Integrated Transaction Solutions at ACS.
“With the startling increase in fraudulent card-related activity, globally and in South Africa, ACS considers it a priority to invest in certification such as PCI DSS to assist in protecting the cardholders of our customers against the many scams that are so prevalent today,” Van der Linde says.
“Our foremost priority is to protect the sensitive payment card information of the cardholders by equipping ACS’ systems with the correct software to safeguard against vulnerabilities such as malware or spyware,” Van der Linde adds.
ACS runs a secure and high availability transaction processing platform which it offers as a transactional service or as an outsourced hosted service, and to gain certification it was required to undertake specific measures such as:
* Ensuring the networks used in the production and processing of card transactions are protected with reputable firewalls
* Encryption of cardholder information including sensitive personal data such as a user’s name, address, phone number and date of birth
* Access to the system internally is restricted and monitored
* A formal IT security policy is instituted, revised and circulated amongst all employees to ensure compliance
“Receiving the certification demonstrates that ACS embraces compliance. The standard was introduced to ensure that the cardholder’s information cannot be easily compromised and having maintained the certification for three years is indicative of the value that the company places on ensuring our customers’ personal information is protected. Our customers can trust us with the sensitive information and trust means our customers have confidence in doing business with us,” Van der Linde concludes.