Galix certifies on additional PCI standards to simplify compliance auditing
Galix Networking, a local auditor for Payment Card Industry (PCI) Data Security Standard (DSS) compliance, has obtained certification in two additional PCI standards: PCI point-to-point encryption (P2PE), as a P2PE Assessor, and Card Production and Provisioning, as a Card Production Security Assessor (CPSA). This expanded PCI certification enables Galix auditors to cater to a broader range of client requirements, while simultaneously simplifying compliance with the PCI DSS standard.
“Rounding out our PCI certification and audit capabilities helps us to provide a more holistic service to our customers. This is a niche market in Africa and in South Africa in particular, and we are among the few organisations to provide this type of service locally. This means we are able to deliver a cost-effective, convenient service offering around multiple mandatory compliance requirements,” says Simeon Tassev, MD and QSA at Galix.
The P2PE standard ensures that appropriate encryption standards are in place across the payment card chain to protect sensitive payment data, from the physical point of sale device through to the bank. All P2PE-certified solutions are listed on the PCI website, and merchants can then easily select from these compliant solutions, which in turn simplifies their compliance with PCI DSS.
“The PCI DSS standard has over 240 controls that need to be put into place, but if the merchant makes use of a certified P2PE solution, there are fewer than 25 that need to be considered,” adds Tassev.
The CPSA standard augments Galix’s services, enabling Galix auditors to certify the entire payment card process from manufacturing and production through to provisioning and personalisation. The moment a card has a chip in it and is linked to a bank, there is risk and potential for fraud, which makes security imperative. This has become increasingly important as new payment methods like virtual cards become more commonplace, as these must still adhere to stringent security standards even though there is no physical card.
“Payment card crime and fraud are an unfortunate reality of our current times, and securing the entire process is essential to protect personal information and prevent theft. Point-to-point encryption is becoming a global best practice standard and ensuring that solutions used are certified not only protects customers and their information, but simplifies other compliance processes,” says Tassev.
“By including P2PE and CPSA in our offering, we are adding significant value for our customers, particularly retail clients and their service providers. We are also continually looking to improve our services, and we will be certifying on an additional standard by the end of the year,” he concludes.
Galix is a display sponsor of the annual ITWeb Security Summit 2022, to be held at Sandton Convention Centre in Sandton, Johannesburg on 31 May and 1 June 2022 and at Century City Conference Centre, Cape Town on 6 June 2022. In an increasingly connected, digital world, cyber security threats are constantly evolving and increasing in number and sophistication. Security professionals need to be up to speed with the latest technologies, techniques and skills for predicting and mitigating potentially crippling cyber attacks, the methods and tools in use by today's threat actors, and the latest legal and compliance demands. ITWeb Security Summit 2022, now in its 17th year, will again bring together leading international and local industry experts, analysts and end-users to unpack the latest threats facing African CISOs, CIOs, security specialists and risk officers, demystify emerging cyber security strategies in AI, blockchain, IoT, DevSecOps and more, and explain how to increase an organisation's cyber resiliency.