"The 12 requirements of PCI DSS compliance can be quite daunting for any merchant"
(PRWeb UK) March 17, 2011
Managed hosting provider NetBenefit has attained PCI DSS (Payment Card Industry Data Security Standard) compliance following a detailed audit of its hosting environment by Qualified Security Assessor, CNS.
The security standard, which was introduced by the five major card brands to combat fraud, asks all merchants to secure their processes, systems, policies and procedures at every step of the payment card process to protect against the risk of cyber criminals accessing sensitive customer data, and requires rigorous compliance and assessment.
For NetBenefit, the PCI accreditation marks the end of a comprehensive project to attain high security in payment standards across its managed hosting facilities and enables it to provide merchants with a purpose-built hosting environment that will meet the stringent requirements of the Standards Council.
“The 12 requirements of PCI DSS compliance can be quite daunting for any merchant”, explains Darren Wiltshire, Head of Engineering, NetBenefit. “NetBenefit has worked through all of the steps as both a merchant and a service provider which means we understand the full scope of the project.
“We wanted to be able to offer our customers a PCI DSS compliant solution that can scale with their requirements from customers using payment gateways all the way up to merchants who manage the payment process themselves”, added Wiltshire. “We have addressed as many of the requirements as possible in delivering the PCI compliant hosting environment so that customers can concentrate on their own systems, processes and policies.”
Kevin Dowd, Director of Security Assessment, CNS, added: “By attaining the service provider accreditation, NetBenefit has demonstrated that its processes, systems, policies and procedures comply with the relevant requirements and can now provide a comprehensive PCI DSS compliant environment to its customers seeking PCI DSS as a merchant.”
The PCI DSS compliance standard was introduced by the PCI Security Standards Council, an organisation founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa to combat fraud. High-profile cases in the US have seen over a hundred million credit and debit card details compromised by attacks on the systems of just one retailer.
Such cases can create substantial financial risk for the card brand and merchant alike, but they also pose a considerable threat to the merchant’s brand through the resulting loss of consumer trust in buying from the retailer online, or at all. Whilst PCI compliance is not a legal requirement in the UK, banks are levying substantial fines and increasing transaction charges to drive compliance within the community.
Ultimately they also have the ability to stop the merchant from trading by withdrawing their services as an acquiring bank.