EDS, an HP company, announced today that its processing facility, the Regional Cards & Payment Utility (RCU) in Australia, has successfully achieved the highest level of security compliance to the Payment Card Industry (PCI) Data Security Standard.1)
By achieving this level of compliance, EDS will help clients reduce the risk of fraudulent use of payment card information and the threat of theft of cardholder data by enhancing the security of stored data.
The PCI Data Security Standard is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This standard was developed to help organisations that process card payments prevent fraud, hacking and other security threats. The PCI Data Security Standard is overseen by the PCI Security Standards Council, an open, global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
"Enhancing and sustaining the confidence customers have in the security of the payments system is critical for the banking and payments industry. This, along with the expense associated with fraud and other security issues are major points of focus," said Stephen Karpin, Executive General Manager Credit Cards, Commonwealth Bank of Australia. "By using the EDS processing facility, the Commonwealth Bank is able to offer our customers superior levels of security and better defend against fraud."
EDS processes approximately 30 percent of all acquired credit transactions in Australia, making it a PCI Level One Service Provider. As a result it must meet the most stringent compliance to the PCI Data Security Standard.
To achieve certification, a global team from EDS designed the utility's network, storage and security architecture to meet PCI Data Security Standard requirements. The solution is based on providing PCI-compliant security and management functions to systems for multiple clients hosted within isolated network compartments.
"All companies that process, store and transmit credit card information must maintain a secure environment that minimises the risk of security vulnerabilities," said Dee McGrath, director of cards for Asia Pacific at EDS, an HP company. "Achieving this level of compliance enables our clients the best possible security available for their cardholders."
EDS launched its Regional Cards & Payment Utility processing facility in Australia in September 2007 with the Commonwealth Bank as its first client. Servicing the Asia Pacific region, RCU gives banks and other credit providers access to the latest technology and business systems under a shared services, pay-per-use model.
1) Certification requires annual on-site audits by certified Qualified Security Assessors and quarterly network scans by certified Approved Scanning Vendors.