FastNet mitigates credit card fraud with PCI DSS compliance

Provides peace of mind for retailers and consumers.


Johannesburg, 11 Dec 2013

In a bid to fight increasing card fraud, which is estimated to have cost $11.27 billion worldwide in 2012 (a 14.6% increase year-on-year)1, leading wireless data company, FastNet, today announced it has achieved Payment Card Industry Data Security Standard (PCI DSS) compliance as a Level 1 service provider.

This follows a recent stipulation by the Payments Association of South Africa (PASA) that all system operators and Level 1 merchants must adhere to PCI DSS by February 2014.

Duncan Ellison, New Business Manager at FastNet, says if a malicious person obtains sensitive card information from the systems that process card transactions, it is possible to perform fraudulent transactions with such information.

"The purpose of PCI DSS is to protect cardholder information and therefore minimise the likelihood of data compromises happening by ensuring the highest level of security for card transactions. Failure to comply with PCI DSS can expose entities dealing with card information to criminal cyber attacks and the reputational and financial risk that goes with such an attack."

Ellison explains that PCI standards are set and maintained by the PCI Security Standards Council (PCI SSC) and that the PCI SSC is made up of representatives from the major international card schemes, i.e., AMEX, Discover, VISA, MasterCard and JCB. "Each of these companies had their own standard and decided to come together to agree on an industry-wide best practice (PCI DSS) to mitigate the risk of card fraud."

While the focus in South Africa has been for system operators and Level 1 merchants (generally the large multiple retailers) to be compliant with PCI DSS, PASA recommends that network providers (companies that carry card data over their networks) are subjected to a PCI DSS evaluation to assess the applicability of PCI DSS to their environment, says Ellison. "This is why FastNet not only performed the original evaluation, but also decided to pursue PCI DSS compliance - to make the compliance process easier for our clients."

Depending on an entity's classification or risk level, a qualified security assessor (QSA) may be required to perform on-site security assessments for verification of compliance with PCI DSS. The QSA takes a large number of factors into account when doing an assessment, including but not limited to: the physical security of credit card information at the till; where the card numbers are stored; the security of the card numbers; whether the terminal equipment is easy to hack; and whether others can easily hack into the network and see credit card data passing by, says Ellison. "The PCI assessment process refers to 12 requirements that, in practice, translate to over 350 questions to which the merchant must provide detailed responses."

To ensure PCI DSS compliance, FastNet undertook actions such as introducing additional levels of firewalls and network monitoring; introducing internal staff procedures to limit the number of people that can access sensitive data; and introducing a quarterly procedure to scan its network internally and externally for weaknesses.

"In our opinion, the focus on PCI DSS compliance is long overdue in South Africa. We decided it was the right thing to do for our clients and their customers, especially as we carry a large percentage of the national credit card traffic," concludes Ellison.

FastNet

FastNet is South Africa's leading wireless data communications service provider. With almost 20 years' experience pioneering point of sale (POS) communications in South Africa, FastNet provides the only Payment Card Industry (PCI) compliant network, offering reliable, secure, end-to-end data communication solutions for businesses of all sizes. The company specialises in POS, virtual private network, machine-to-machine communication and WiFi technology.

With its national footprint, FastNet is well positioned to deliver a superior service and 24/7 technical support across South Africa. FastNet is also a fully licensed Electronic Communications Network Services (ECNS) and Electronic Communication Services (ECS) service provider with the advantage of extensive coverage provided by both wireless and fixed-line networks.

FastNet is a wholly-owned subsidiary of Telkom SA.

For further information, please visit www.fastnet.co.za.

Editorial contacts

Candice Hellriegel
Epic Communications
(+27) 21 439 8008
candice@epiccommunications.co.za