A Pan-African premier solution for online and mobile payments, 3G Direct Pay Group has been certified as the first company in Africa compliant with the security standards of the Global Payment Card Industry (PCI) Security Standards Council.
According to a statement issued yesterday by the Group, the PCI DSS Level 1 certification is applicable to all their branches in Kenya, Tanzania, Zanzibar, Zambia, Uganda and Rwanda.
“The PCI DSS certification is a comprehensive best practices standard for managing any business that comes into contact with credit card and other online payments information,” said Mr Eran Feinstein, Managing Director, 3G Direct Pay Group.
Mr Feinstein said that as a payment service provider for hotels, airlines, tour operators, travel agents and other e-commerce businesses throughout Africa, it is essential that they comply with the highest standards of security in the industry, and that they are delighted to be the first in Africa to have the certificate.
Mr Feinstein says 3G Direct Pay Limited had to provide evidence that hundreds of controls and safety features were implemented.
These security measures cover everything from the physical security of its offices and data centre, to staff training, supplier agreements, firewalls, intrusion detection, and file integrity management.
“PCI DSS level 1 compliance means that any credit card and customer private information we handle on behalf of our merchants and their customers is protected by multiple layers of security,” said Mr Feinstein.
“In addition to the antivirus, security features and firewall protection that our customers expect, all sensitive information is encrypted, managed and stored based on the highest standards.”
He added that many online payment service providers are likely to find PCI DSS compliance particularly onerous: “The standard defines bank-level security,” he says.
“Currently only a handful of African businesses are certified, but we believe that this will rapidly become a basic requirement for doing business.
“Every merchant should verify that their payment service provider and their payment gateway are PCI DSS compliant — and if not, they should ask when they plan to become so. It is a very demanding process that takes at least 18 months to complete,” he said.