Tag: PCI-DSS

  • MainOne’s Data Centre gets PCI DSS, ISO 27001

    MainOne’s premier Tier III Data Center, MDX-I, has become the first Tier III Data Center operator in Nigeria to achieve both Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001:2013 certifications.

    Its Chief Executive Officer, Funke Opeke, spoke during an event at which the company was presented with certification documents at its Head Office in Lagos.

    The certifications show that the Data Centre has complied with globally accepted standards on customer data security, as well as its commitment to the security and protection of the company’s information assets. While the PCI DSS accreditation is the most comprehensive, internationally recognised data security standard focused on promoting payment card data security, the ISO 27001 standard is a globally recognised Information Security Management System (ISMS) standard which specifies the requirements for a business to establish, implement, review, monitor, manage and maintain effective information security management systems.

    MainOne’s Data Centre was certified following a comprehensive ISO 27001 audit carried out by the British Standards Institution (BSI) group, a business standards company that helps organisations all over the world make excellence a habit. The PCI DSS assessment was conducted by Digital Jewels Limited, a PCI DSS QSA and an Information Value Chain Company which also provided end-to-end support in preparing the Data Centre for certification to both standards. The audits measured the facilities at the Data Center according to several strict criteria, including physical access controls as well as information security policies, procedures and infrastructure.

    Ms. Opeke noted that the ISO 27001 and PCI DSS certifications consolidate the company’s investment in critical infrastructure and processes to grow West Africa’s Digital Economy. “We are delighted to be the first commercial Tier III Data Center in Nigeria to assure our customers of both PCI DSS and ISO 27001:2013 certifications. We have continued to see an increase in the number of payment card operators, and many of these are our customers,” she said.

    “Our ability to ensure security of their customer data is attested to by these certifications and ensures we provide an equivalent level of security as the best in-house bank data centers,” she said.

    Commenting on MDX-I’s certifications, Chief Executive Officer, Digital Jewels, Adedoyin Odunfa said: “We are happy to congratulate MainOne on this achievement. This demonstrates the company’s commitment to improving and maintaining the highest standards in information security. This is a significant step for the online payment industry in Nigeria, and we look forward to working with MainOne in achieving other certification milestones.”

  • Banks, switches get November deadline for data security

    The Central Bank of Nigeria (CBN) has extended the deadline for banks, switches and processors to comply with the Payment Card Industry Data Security Standard (PCI DSS) till November 30.

    The PCI DSS is a proprietary information security standard for organisations that handle cardholder information for the major debit, credit, prepaid, e-purse, Automated Teller Machine, and Point of Sale (PoS) cards. The standard was created to increase controls around cardholder data in order to reduce credit card fraud resulting from its exposure.

    A circular to banks, switches and processors, signed by CBN Director, Banking Payment System, ‘Dipo Fatokun, said the need to extend the deadline followed requests by many banks seeking more time to enable them to complete the certification process.

    He said that, to determine the readiness of various operators, the CBN engaged the services of three Qualified Security Assessors to conduct pre-certification assessment of the banks.

    The result, he said, showed that while many banks have complied with the certification, many are still at different stages of compliance, adding that with this extension, banks, processors and switches are expected to comply before the end of the deadline.

    The validation of PCI DSS compliance is performed yearly, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (RoC) for organisations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

    The CBN had earlier released card issuance and use guidelines for the financial services sector. Fatokun said the power to issue the guideline was derived from Section 47 (3) of the CBN Act 2007. He said industry stakeholders who process, transmit and/or store cardholder information should ensure that their terminals, applications and processing infrastructure comply with the minimum requirements for the sector.

    He said that all terminals, applications and processing infrastructure should also comply with the standards specified by the various card schemes, adding that only banks licenced by the CBN with clearing capacity shall issue payment cards to consumers and corporations in the country.

    Fatokun explained that banks without clearing capacity can issue in conjunction with those with clearing capacity, stating that all banks should seek approval from the CBN for each card brand they wish to issue.

  • Union Bank gets PCI DSS certification

    Union Bank of Nigeria Plc is now certified with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a global security standard for protecting card data, created by leading card companies Visa, MasterCard, American Express, Discover and JCB.

    The Bank was presented with the certificate after successfully undergoing a rigorous audit of its operations, which was conducted by PCI DSS Qualified Security Assessor Panacea InfoSec in conjunction with its local partner, Digital Encode.

    This certification gives the bank the added incentive to offer its customers improved data security to protect them from card fraud, identity theft, insider threats, cybercrime, hacking and other security vulnerabilities.

    Commenting on this achievement, the Head Corporate Affairs/Corporate Communications at Union Bank, Ogochukwu Ekezie-Ekaidem said “our top priority is security and protection of customer data, as well as compliance. This certification is further proof of our commitment to provide quality service to our customers and we are proud to be compliant with PCI DSS’s stringent security requirements.”

    Beyond the PCI DSS certification, and as it seeks to reclaim its leadership position in the banking industry, Union Bank has also reinforced its overall security system through a Security Operation Centre (SOC). This will further guarantee that customers can conduct online transactions on more secure platforms and without any apprehensions.

  • Keystone Bank gets PCI-DSS Certification

    Keystone Bank has received a Certificate of Compliance on the successful completion of the Phillips Consulting assessment on Payment Card Industry Data Security Standards.

    The Payment Card Industry Data Security Standard (PCI-DSS) is an extensive set of guidelines developed by five of the top global payment card brands and adopted worldwide by card services providers – Card Issuers, Banks, Transaction Switching Companies and Merchants – to better protect customers’ payment card information from compromise and fraud through increased controls around the storage, transmission and processing of card data.

    Speaking during the presentation, the Executive Director, Operations and Technology, Mrs. Yvonne Isichei, who stood in for the Managing Director/Chief Executive Officer, Keystone Bank, Mr. Philip Ikeazor, said: “Keystone Bank had engaged the services of PCI-DSS Qualified Security Assessors, Phillips Consulting Ltd, to guide it through the implementation of the standard and conduct the final certification assessment.”

    According to Mrs. Isichei, the result of the assessment is that among other things, Keystone Bank achieved the “Creation of a restricted Card Data Environment within our network; the identification and sanitisation of card data from the network environment and provision of training for our staff on card data security best practices and general awareness building on the PCI-DSS requirements”.

    While presenting the certificate, Mr. Wole Ogundare, Associate Partner, Phillips Consulting, encouraged Keystone Bank to continue the atmosphere of compliance, noting that “Compliance is not a destination but a journey.”

    PCI-DSS is one of the several globally recognised and accepted standards championed by the Central Bank of Nigeria (CBN) in its IT Standards Roadmap for adoption by the financial industry.