PCI Compliant Services
A PCI DSS LEVEL 1 SERVICE PROVIDER
As South Africa’s first Payment Card Industry (PCI) Data Security Standard (DSS) Level 1 Service Provider, Ecentric Payment Systems understands how to protect sensitive payment data. The experience gained through our PCI DSS journey has shaped our approach to developing payment solutions. Ensuring transaction security and reducing PCI scope from our clients’ environments is central to all processes at Ecentric Payment Systems.
MOVE YOUR PAYMENT PROCESSING TO PCI EXPERTS
All businesses that accept card payments (store, process or transmit cardholder data) are required to comply with the PCI DSS program. Whilst certification requirements depend on your “merchant level”, PCI DSS certification can be a daunting task for a business of any size. With our PCI DSS Level 1 status, your business can rely on our secure infrastructure and compliant processes to store and process cardholder data, as you manage your own compliance and certification. Moving your payment processing to our environment can assist in reducing your PCI compliance burden, whilst maintaining a positive “secure brand” image and improving customer confidence.
Secure data transmission
All data transmitted between Ecentric Payment Systems and our clients is transmitted securely in accordance with the PCI DSS standards. Data is transmitted to each bank over multiple private links which are not publicly accessible. All transaction messaging is kept secure using IPSec or private MPLS links to the various third parties.
Secure data storage
All sensitive data is stored in accordance with PCI DSS data storage guidelines and management principles. Our proprietary software has been validated and verified to be in accordance with the same guidelines. Vendor-supplied applications have been PCI-DSS/PA-DSS certified and hardened where necessary.
We have implemented a number of internal controls to ensure sensitive data is kept secure. This includes additional audit logging and role-based permissions that are regularly audited. Our staff members are also fully vetted and no unauthorised employees are provided card data decryption access.
Trustwave, an independent Qualified Security Assessor (QSA), is our PCI certification partner. Our systems undergo monthly network scans and annual penetration tests by Trustwave to ensure there are no system vulnerabilities.
Annual audits for continued compliance
We participate in annual on-site PCI audits conducted by our QSA, Trustwave, to maintain our Level 1 Service Provider status (the highest level of compliance).
PCI Security Standards Council Participating Organisation
Ecentric Payment Systems is an active Participating Organisation within the PCI Security Standards Council. As a Participating Organisation, our organisation works with the Council to achieve and improve payment data security worldwide through the on-going development of the PCI Security Standards, including the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS). This in turn enables us to extend and enhance the security of our clients’ payment systems.
The Ecentric Payment Systems PCI Advisory service empowers businesses to address all sections of the PCI DSS Security Audit Procedure. By working with your contracted QSA, this service supports successful compliance with the PCI standard in preparation for your PCI audit.
As trusted advisors in the PCI space, we have developed an extensive library of templates for policies, procedures, standards and documentation, all of which have been approved as PCI DSS compliant. In addition, we have evaluated and implemented solutions in both Windows and Open-Source environments which can be deployed by our clients to address their specific requirements.
Our advisory service assists businesses in the following areas:
- Establishing the scope of the PCI DSS Security Audit project, encompassing systems, business processes, operations and personnel within PCI scope.
- Provision of on-site consulting services to your PCI project team.
- Provision of PCI DSS approved templates for the development of your own documentation and processes.
- Assistance in the development of any business-specific policies and procedures.
- Recommendations on infrastructure solutions, including network firewalls, log management, version control, patch management, file integrity monitoring, two-factor authentication and server access control.