Condyn assists Tutuka to meet requirements for South African payment processor
Condyn, the leading provider of Information Security Solutions, is pleased to announce that Tutuka, a South African-based payment processor, has selected SafeNet's DataSecure platform and ProtectHost (PH) EFT hardware security module (HSM)- two components of SafeNet's Enterprise Data Protection (EDP) Security Suite - in order to meet PCI DSS and EMV compliance. Condyn is the preferred distributor for the Safenet solutions in Africa.
Tutuka provides organisations with software-based solutions for gift vouchers, gift cards, prepaid Mastercards, prepaid cash replacement and loyalty programmes, enabling these organisations to reach their customers who typically do not use traditional credit card payment options.
Through Tutuka's core platform, these payment methods can be easily and securely issued, redeemed, tracked, and reported on through multiple channels such as point of sales, terminals, EFT switches, self-service kiosks, telephone, and the Web.
“The PCI DSS requires us to encrypt credit card data which resides on our Microsoft SQL database and, to comply with EMV, we needed a secure form of chip and PIN generation,” said Shaun Hodgkiss, technical director, Tutuka. “Our selection of SafeNet EDP was based on the recommendation of a leading industry assessor, as well as the company's longstanding history of solving data protection and compliance challenges for financial enterprises.” Tutuka needed a cost-effective security solution that would not only install quickly with its existing infrastructure, but could be built upon as the company expands its services and, inevitably, faces new compliance and data protection issues. Tutuka implemented SafeNet's DataSecure platform and PH EFT HSM in less than six months and, by using a single vendor for multiple platforms, reduced its overall cost and complexity of compliance.
“What makes the Safenet solution different is the fact that it provides an integrated platform with centralised policy management and reporting for seamless control of encrypted data,” said Jorina van Rensburg, CEO of Condyn. “The focus of PCI DSS is to protect sensitive cardholder account data, which is collected and stored during credit card transactions. The standard consists of a core set of principles with 12 specific requirements for the protection of sensitive cardholder data in use, at rest, and in transit. One of the key challenges merchants, banks, and payment processors face is the implementation of data encryption to comply with the PCI security requirements - and to execute this in an efficient and cost-effective manner.”
SafeNet DataSecure allows commercial and government organisations to ensure compliance and limit liabilities by protecting any sensitive data accessed by employees, customers, or third parties. For data protection, DataSecure is the only appliance-based encryption technology available that features granular, field and file level encryption capabilities and which can be integrated with file, Web, application, and database servers as well as PCs.
Compliant with FIPS 140-2 Level 2 and Common Criteria Evaluation Assurance Level 2, DataSecure centralises all cryptographic processing, key management, logging and auditing, and security policies on a single, hardened appliance, which maximises overall security.
ProtectHost EFT HSM prevents identity theft and other e-crimes by encrypting PINs, passwords, and online transaction data. It is designed for EFT and payment system processing environments, providing security for online banking transactions and applications for credit, debit, and chip cards. The PH EFT encrypts data at the client browsers and decrypts it at the host, so transactions are secure from point of entry through processing and authentication.
The PH EFT PIN Mailer System enables printing of PINs directly to secure PIN envelopes, eliminating the need to hook up to a different machine. As the world's fastest electronic funds transfer technology, the PH EFT operates at 1 200 operations per second and features EMV support, which specifically meets mandated requirements for payment processors - like Tutuka - card issuers, acquirers, merchants and e-payment providers.
SafeNet's complete EDP Solution Suite includes database and application data encryption, disk and file encryption, centralised key management, network and WAN encryption, and two-factor authentication.
Condyn dramatically reduces the cost and complexity of PCI compliance with a comprehensive and easy-to-manage enterprise data protection solution. With the Condyn Data Protection solutions from Safenet merchants, banks, payment processors, and any other company subject to PCI DSS compliance, can meet the most challenging requirements to protect sensitive cardholder data.
Condyn remains committed to assisting the African market to address the PCI DSS compliance requirements through its reseller channel in South Africa.