FINANCE: Integrated Commerce Solutions (ICS) Achieves PCI DSS Compliance for Fifth Year
Integrated Commerce Solutions (ICS), a provider of specialised procurement and payment solutions, has achieved compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) with the assistance of Galix, an accredited PCI Qualified Security Assessor. It’s a major achievement for ICS that signals the high value it places on data security and the safety of client data.
“With a customer base that includes all the major banks in South Africa and an offering that reconciles data relating to transactions worth hundreds of millions of Rand a month, PCI DSS compliance is a core requirement for ICS that is directly linked to the company’s business success,” says Murray Roberts, a director at ICS.
ICS is a niche solution provider that develops and provides secure, world-class Level 2 and 3 data technology, processing and services specifically designed for commercial card programmes such as Corporate Card, Procurement Card, Distribution Card and Travel Lodge Card programmes for banks globally. The ability to process and reconcile Level 2 and 3 data, which is a more detailed level of transaction data than is collected in standard commercial card transactions, means Visa and MasterCard issuing bank clients (typically corporates and businesses) are able to receive pre-reconciled accounts or have the invoice-level detail and tax breakdowns included in their reconciliations for the card-based spend. This means process and cost savings, which can add up to significant benefits for companies. ICS provides these services to the customers of the major banks in South Africa, processing and reconciling hundreds of thousands of card transactions for hundreds of companies a month.
Explains Simeon Tassev, director and Qualified Security Assessor (QSA) at Galix: “The PCI DSS standard has been put in place by major card issuers, such as Visa and MasterCard, to govern the use and security of sensitive credit card information. PCI DSS certification is complex. For companies handling high volumes of transactions, it is a non-negotiable annual requirement, however.
The PCI DSS standard covers every system within ICS that has anything to do with credit card information – how the data enters and exits an organisation, who has access to it or handles it, how it is used, transported and stored. It covers the people, processes, the physical facility and the technology (software, hardware, network security) – as well as every other system that intersects with these systems.
“For ICS, PCI DSS compliance is essential to provide assurances to its banking clients and partners that their customers’ data is secure and that the possibility of a breach is reduced to as low as possible,” says Roberts.
Roberts notes that the 2016 audit was challenging as the company had just changed its production environment. “In line with Galix’s recommendations, we switched to an international hosting service provider that met PCI DSS requirements in terms of hosting ICS’ systems and data.
Physical hardware standards, which include PCs, servers and networks, make up approximately 20% of PCI DSS standards. Other measures cover firewall management, patch management and intrusion detection, among others. By making use of a service provider that meets PCI DSS requirements, we ensure our operations and our clients’ data are suitably secured.”
This is the fifth year that ICS has worked with Galix to achieve annual compliance. “We initially explored the market for a suitable partner and Galix stood out as a provider that truly understood the issues we were dealing with and could deliver results. They continue to live up to that achievement.”
Says Tassev: “We assist our clients from start to finish, helping them understand why the standards are important as well as how to implement them. We believe our services are more about partnering with our clients to deliver value than just doing an audit.
“As a local company we are able to spend the time with our clients to understand their business and their processes related to payments and credit cards, and to engage with all related departments, from IT to HR and finance.
“While ICS has gained the needed PCI DSS experience and knowledge to make the audit and achieving compliance easier, there is no such thing as 99% compliance – it’s 100% or not at all. This is where Galix’s expertise makes the difference.”
To ensure requirements are met, ICS will be taking a new approach in 2017, partnering with Galix to implement monthly PCI DSS health checks at ICS. This will ensure scheduled PCI items and checks are done correctly and on time, which makes achieving annual compliance less onerous.
Says Roberts: “Data security is very undervalued in South Africa in our experience. However, threats continue to evolve, making it a vital issue to address. At ICS, data security is paramount – it’s why we have made it a core part of our services.”