Galix Networking, a local auditor for Payment Card Industry (PCI) Data Security Standard (DSS) compliance, has obtained certification in two additional PCI standards: as a PCI Point-to-Point Encryption (P2PE) Assessor and, for Card Production and Provisioning, as a Card Production Security Assessor (CPSA). This expanded PCI certification enables Galix auditors to cater to a broader range of client requirements, while simultaneously simplifying compliance with the PCI DSS standard.
“Rounding out our PCI certification and audit capabilities helps us to provide a more holistic service to our customers. This is a niche market in Africa and in South Africa in particular, and we are among the few organisations to provide this type of service locally. This means we are able to deliver a cost-effective, convenient service offering around multiple mandatory compliance requirements,” says Simeon Tassev, MD and QSA at Galix.
The P2PE standard ensures that appropriate encryption standards are in place across the payment card chain to protect sensitive payment data, from the physical point of sale device through to the bank. All P2PE-certified solutions are listed on the PCI website, and merchants can then easily select from these compliant solutions, which in turn simplifies their compliance with PCI DSS.
“The PCI DSS standard has over 240 controls that need to be put into place, but if the merchant makes use of a certified P2PE solution, there are fewer than 25 that need to be considered,” adds Tassev.
The CPSA standard augments Galix’s services, enabling Galix auditors to certify the entire payment card process from manufacturing and production through to provisioning and personalisation. The moment a card has a chip in it and is linked to a bank, there is risk and potential for fraud, which makes security imperative. This has become increasingly important as new payment methods like virtual cards become more commonplace, as these must still adhere to stringent security standards even though there is no physical card.
“Payment card crime and fraud are an unfortunate reality of our current times, and securing the entire process is essential to protect personal information and prevent theft. Point-to-point encryption is becoming a global best practice standard and ensuring that solutions used are certified not only protects customers and their information, but simplifies other compliance processes,” says Tassev.
“By including P2PE and CPSA in our offering, we are adding significant value for our customers, particularly retail clients and their service providers. We are also continually looking to improve our services, and we will be certifying on an additional standard by the end of the year,” he concludes.