Australian company achieves PCI DSS certification

Managed security service provider achieves certification as Aussie companies struggle with compliance

The burden of payment card industry (PCI) compliance is costing Australian companies thousands of dollars each month as organisations struggle to meet the stringent requirements of the data security standard known as PCI DSS.

Managed security service provider, earthwave, has become the first Australian provider of its kind to attain the Payment Card Industry Data Security Standard (PCI DSS) certification, a set of rules and requirements that govern the handling of credit card data.

The certification comes in response to increased calls from clients, as payment card brands such as Visa and Mastercard begin to enforce fines for non-compliance with the standard. And recent changes to the PCI DSS require merchants who outsource their security infrastructure management to ensure their providers have also gained the Attestation of Compliance.

The PCI DSS was developed by the PCI Security Standards Council, which includes major payment players such as Visa and Mastercard. It applies to any organisation that stores, processes or transmits cardholder data. The validation requirements vary based on factors such as transaction volume. And, in addition to the requirements already in play, Visa will begin to enforce its Prohibited Data Storage Deadline for Level 1 and 2 merchants from September 30.

“We have seen a big push from clients,” said Carlo Minassian, CEO of earthwave, whose clients range from merchants to hosting providers who themselves don’t want to have to go through the accreditation process. “Half our clients were already being fined for each month of non-compliance and those fines are quite hefty.”

The new PCI standard mandates the use of a certified service provider so that providers are not the weakest link in the chain, Minassian said. While this doesn’t generally include providers such as ISPs who supply interconnectivity only – communication links without access to the application layer – relatively few Australian providers have achieved the certification.

Meeting the requirements, which take in aspects such as firewall management, intrusion detection, logging, file integrity monitoring and alerts, can be a lengthy process for companies just beginning their compliance journey. But earthwave’s managed security services already hold accreditations such as the Information Security Management System standard ISO 27001 and the Defence Signals Directorate’s ICT security management standard, ACSI 33.

“We didn’t realise the impact of the accreditation until a couple of months ago,” Minassian said. “But many of our clients began to tell us they needed to engage a service provider who was specifically certified.”

Bridge Point Communications undertook the compliance assessment, which took about two months. The standard specifies 12 requirements spanning security technology and business processes.
