Roughly 66% of the world’s population (approximately 5.3 billion people) are using the internet. The same research shows that 75% of those are between the ages of 15 and 24. This represents the potential for a significant digital economy. Crucially, securing payment data is a critical task that businesses cannot afford to overlook.
This is where Ecentric Payment Systems has long been at the forefront of payments data security. For instance, our Point-to-Point Encryption (P2PE) solution, provides organisations with the tools they need to protect sensitive customer data from potential security threats.
Of course, nobody has to take our word for it. This is where stringent international standards as set by the Payment Card Industry Data Security Standard (PCI DSS) and PRASA come in. This compliance is integral to ensuring our partners and clients, which include leading banks like Standard Bank, FNB, and Absa, have the peace of mind that our solutions adhere to the most rigorous standards and ensure data security at all costs.
Driving product innovation
Ecentric’s P2PE solution stands out as a preferred decryption environment that is not only PCI compliant but also accredited by PRASA. This accreditation ensures that sensitive cardholder data remains secure throughout the payment process, protecting businesses from data breaches and ensuring a smooth customer experience.
The Ecentric Switching Service links all customer channels to the issuers and acquirers for payment and VAS services including instore and online. Ecentric is unique in that it is established as a leading payments service provider to major local retailers in both South Africa and their expansion into Sub-Saharan Africa. Our switching service includes the implementation and certification of new pin pads, payment types, VAS types and acquirers, all supported by a unique transaction reconciliation engine, ReconAssist.
Compliance focus
But for Ecentric, merely meeting the current standards is not enough. The company is already working towards Version 4 of the PCI DSS, which features an additional 60 controls. Published by the PCI Security Standards Council (SSC) in March last year, the new version incorporates over 6,000 items of feedback from more than 200 organisations around the world.
This compliance is expected to be fulfilled ahead of the deadline set for 31 March 2024, further demonstrating our commitment to staying ahead in payment data security.
Compliance with PCI DSS, however, is an ongoing process. According to the PCI DSS Quick Reference Guide, businesses must consistently follow three key steps to maintain their status.
- Assess: This involves identifying all locations of cardholder data, evaluating IT assets and business processes for payment card processing, and scrutinising them for potential vulnerabilities.
- Repair: This step involves rectifying identified vulnerabilities, removing unnecessary cardholder data storage securely, and implementing secure business processes.
- Report: Documentation of assessment and remediation details is crucial, along with submitting compliance reports to the acquiring bank and card brands you do business with.
Meeting PCI DSS compliance is a stringent process, involving determining an organisation’s compliance level, creating a dedicated compliance team, and completing a Self-Assessment Questionnaire. It also entails the security of the network, strengthening of passwords, implementation of access controls, encryption and protection of cardholder data, and necessary documentation with payment card brands.
According to the PCI SSC, these standards were developed ‘specifically to protect payment account data throughout the payment lifecycle and to enable technology solutions that devalue this data and remove the incentive for criminals to steal it. They include standards for merchants, service providers, and financial institutions on security practices technologies and processes, and standards for developers and vendors for creating secure payment products and solutions.’
Partnership-driven
By partnering with Ecentric, businesses can navigate the complex landscape of PCI DSS compliance with ease. Ecentric helps businesses understand their PCI DSS requirements and implement necessary changes. Our qualified assessors from the PCI Security Standards Council help facilitate this assessment of compliance.
At Ecentric, we believe in setting the pace for payment data security. Our unwavering commitment to maintaining high standards in payments security, coupled with our proactive approach in staying ahead of industry requirements, make us an ideal partner for businesses seeking a secure payments environment. Ecentric is more than just a payments solution provider – we are your trusted ally in securing your data and your business’s future.
