Debitsuccess attains highest global compliance rating

12 September 2011

Debitsuccess attains highest global compliance rating for customer data security

Direct debit processing company the first of its kind to achieve new international PCI DSS compliance rating

Leading direct debit payment processing company, Debitsuccess, has today been recognized as the first company of its kind in Australasia to achieve full compliance with a worldwide rating standard for customer data security.

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognised information security standard for organizations that handle credit cardholder information. Originally set-up in 2004 by five major international credit card companies, the standard was created to increase controls around cardholder data to reduce credit card fraud.

While Debitsuccess has been a PCI DSS compliant company for a number of years, new additional rigorous requirements have been introduced by the Payment Card Industry Security Standards Council to provide even greater security measures within the standard.

Debitsuccess’ CEO, Allan Dickinson, says that the company’s compliance with the highest level of the standard will be of enormous comfort to Debitsuccess’ clients as they can be confident that their financial data is being handled in the most secure of environments.

Although Debitsuccess does not currently process the number of transactions that would mandate an external assessment to accredit the company as being Level 1 PCI DSS compliant, Mr Dickinson says the company decided that it would make the investment of time and resources in order to achieve the ultimate level of compliance possible within the PCI DSS regime.

“As we saw with recent high profile data breaches at Sony and Lush Cosmetics, an organisation’s reputation and assets are constantly vulnerable to attack from unscrupulous individuals,” he says.

“Debitsuccess is committed to being part of the leading edge of information security, protecting both the security of the data it possesses and the integrity and reputation of the company.”

Additionally, Debitsuccess decided to seek compliance under the latest ‘version 2.0’ Standard, which is not a compulsory requirement until 2012. Having now achieved compliance, Debitsuccess is one of the few companies in Australasia to meet the latest Level 1 PCI DSS version 2.0 requirements.

The PCI DSS compliance project has been headed by Debitsuccess’ Group Compliance Manager, David Morris, while most of the technical changes to the company’s infrastructure have been the responsibility of Debitsuccess’ IT Manager Steven Holmes.

Mr Morris highlighted that the commitment from all the Debitsuccess employees has been critical. “Anyone attempting to manage a PCI DSS project will require total buy-in from senior management and every definable section that is connected to sensitive data”.

He adds that “to be able to get every stakeholder to meet concurrent and contemporaneous milestones can be a challenge, but thanks to the outstanding commitment at Debitsuccess, the project proved to be a great success and a galvanising influence on the company”

While pleased that Debitsuccess’ pre-existing regime was proven to be highly secure, Mr Holmes says he is now satisfied that the additional measures implemented will serve to further strengthen the architecture in place.

“The IT team feels a great sense of accomplishment and pride in meeting the extremely rigorous requirements of PCI DSS.”

The PCI DSS external assessment carried out at Debitsuccess was undertaken on behalf of the Payment Card Industry (PCI) by a Qualified Security Assessor (QSA). Roger Greyling of Security Assessment, a division of Dimension Data, has worked in partnership with Debitsuccess, providing advice and support to achieve compliance since March 2011.

Mr Holmes says; “We were always proud of the level of security in place but the guidance provided by PCI DSS, together with the solution-based advice received from our QSA, has resulted in a greater focus on security issues and a confidence that our software and infrastructure have been fully assessed and accredited as being fit for purpose by the PCI Council.”

ENDS

© Scoop Media