On 21st June 2014, Irish online payments service provider – 3G Direct Pay Ltd – announced that it had been certified with a global standard for payment card security. The company has a regional office in Nairobi.
3G Direct Pay has attained the Payment Card Industry Data Security Standard (PCI DSS) level 1 certification. This makes it the first in East Africa to achieve the feat.
The PCI DSS standard provides a framework for developing a robust account data security process encompassing prevention, detection and reaction to security incidents.
- The standard was developed by the major card brands as a baseline of minimum controls to enhance payment card security.
- It is intended to help companies to proactively protect customer information as data compromise becomes more sophisticated.
- Rising instances of cyber crime have discouraged payment card holders from using their cards frequently, particularly for high-value transactions.
- Experts pointed to increased cases of hacking and skimming as a key cause of the trend.
- The trend became more overt for prepaid cards, a convenient payment mode for online transactions, travel and accommodation, in the five months to February, despite an increase in the number of cards issued.
- The number of transactions declined steadily over the period, matching a similar trend in their value.
- The number of prepaid cards issued has increased steadily to 128,872 in February from a mere 17,000 in mid-July 2009, according to Central Bank data.
- The number of prepaid card transactions slowed month-on-month over five months to 4,701 in February from 5,196 in October.
- A similar inflection is seen in the value of transactions, which decreased steadily to Sh44.1 Mn in February from Sh57.8 Mn.
"Complying with PCI DSS standard is mandatory for all entities storing, processing or transmitting credit card transactions," commented Eran Feinstein, 3G Direct Pay's managing director, in a press release. "Recent security breaches, especially those involving credit card data, have made companies averse to doing business and sharing data with non-compliant entities," he added.
The third version of the PCI DSS standard is to be rolled out at the end of 2014.