3G direct pay limited moves to protect customers against card fraud

Nairobi, Kenya: As data compromise becomes more sophisticated, 3G Direct Pay Limited, a leading online payments service provider has moved to cushion its customers against security breaches and theft of payment card data.

The company becomes the first in East Africa to be credited with the highest level of payment card industry certification.

3G Direct Pay, which handles over 500,000 card transactions a year, has moved to increase its system’s security after meeting stringent standards for card services with Payment Card Industry Data Security Standard (PCI DSS) level 1 compliance certification.

The PCI DSS is a set of comprehensive requirements for enhancing payment, account data security and is intended to help companies proactively protect customers’ information.

This comes at a time when Kenyans have more and easy access to cards, both credit and debit. Data from Central Bank of Kenya shows a 5.1 per cent increase in the number of cards in the market from 10.86 million in January 2013 to 11.41 million in the same period 2014. Increase in the number of cards coupled with higher internet penetration is likely to drive online transactions.

.

Keep Reading business

•  Government splashes Sh100m for comfort zones in counties
•  Rethink data policies to increase internet access, ICT players tell State
•  Kenya leads global push to raise Sh322tr from climate taxes Premium
•  Harambee Sacco eyes Sh4bn in member's capital expansion share drive
•  End of an era: Hilton finally up for sale, taking with it nostalgic city memories Premium

“Payment Card Industry Data Security Standard (PCI DSS is intended to set a baseline in terms of the minimum controls to be in place to secure credit card data,” said Eran Feinstein, Managing Director, 3G Direct Pay Limited. “Complying with PCI DSS is mandatory for all entities storing, processing or transmitting credit card transactions.  Being certified as the first company in East Africa PCI DSS Level 1 compliant is not only a most significant achievement, but also a necessary passport for us to be allowed to do business with other companies and banks.  Recent security breaches, especially those involving credit cards, have made companies averse to doing business and sharing data with non-compliant entities.”

Initially created by aligning Visa's Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard's Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account security process - including preventing, detecting and reacting to security incidents.

The PCI DSS Council encourages all businesses that process payments to comply with the standards to help lower the brand and financial risks associated with account payment data compromises.

In most of the world, compliance is compulsory but not in East Africa, so it is a great honour to be the first company in the region to be awarded the top level certificate,” added Feinstein.  “Compliance is an on-going process, not a one-time event.  It helps preventing security breaches and theft of payment card data not just today, but in the future.”

Version 3 of the PCI DSS standard is expected to be rolled out at the end of this year and the market will see new requirements addressing emerging technologies such as virtualisation and cloud computing.  These subjects are currently problematic areas in terms of compliance as understanding and auditing such systems present many challenges.

The Certificate was awarded to 3G Direct Pay by Kyte Consultants, a firm specialising in PCI DSS compliance and certification.