Managed security service provider, earthwave, has become the first Australian company to attain a security certification developed by the world’s major credit card companies.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for enhancing payment account data security, covering management, policies, procedures and software design. Since 2007, all Australian businesses handling cardholder data have been mandated by the payment card brands to comply with the guidelines. Recent changes to the standard demanded that any merchant outsourcing their security infrastructure management enlist the aid of a certified service provider.
earthwave CEO, Carlo Minassian, said that while the company started feeling the pressure to become accredited three years ago, the changes to the existing standard in the last year made it a necessity.
“Earlier, there wasn’t much demand but recently we found a lot of new clients that, as part of a tender or proposal requirement, were unable to sub-contract unless it was to a PCI DSS certified company,” he said. “At the same time, we saw an opportunity to go to new markets where others haven’t explored and it’s turned into a good thing since now we have a number of qualified security assessors (QSA) recommending us.”
Since the company was Defence Signals Directorate (DSD) certified, it already met a higher level of standards than PCI needed. All the service provider had to do was ensure that it satisfied the PCI DSS-specific criteria before calling in a QSA from Bridge Point Communications. Overall, the process took two months to complete.
The number of customer engagements has increased by 25 per cent as a result of the PCI credential, according to Minassian.
“And, surprisingly, it is coming from across the board, not just from the banking sector,” he said. “Retail, finance and even hosting companies that do not want to get accredited are coming to us.”