Security News South Africa

PCI certification for PayGate

The Global Payment Card Industry (PCI) Security Standards Council has certified South African payment services provider PayGate as compliant with its security standards.

"The PCI certification is a comprehensive best practice standard for managing any business that comes into contact with credit card information," says PayGate MD, Peter Harvey. "As a payment gateway provider for online retailers, airlines and other e-commerce businesses throughout Africa, it is essential that we comply with the highest standards of security in the industry."

He says the company has had to show evidence that hundreds of controls are in place, covering everything from the physical security of its offices and data centre, through staff training and supplier agreements to firewalls, intrusion detection and file integrity management.

"PCI compliance means that any credit card information we handle on behalf of our clients and their customers is protected by multiple layers of security. In addition to the anti-virus and firewall protection customers would expect, all sensitive information is encrypted.

He adds that many payment gateways are likely to find compliance particularly onerous. "The standard defines bank-level security. Currently only a handful of South African businesses are certified, but we believe that this will rapidly become a basic requirement for doing business. Every merchant should be asking if their gateway is PCI compliant - and if not, when they will become so. The process takes at least 18 months of serious effort."

Let's do Biz