Direct Pay Online, an online and mobile payments integrator, has been certified with the security standards of the Global Payment Card Industry (PCI) Security Standards Council. The PCI DSS Level 1 certification is applicable to all their branches in Kenya, Tanzania, Zanzibar, Zambia, Uganda and Rwanda.
“The PCI DSS certification is a comprehensive best practices standard for managing any business that comes into contact with credit card information,” said Eran Feinstein, Managing Director, Direct Pay Online. “As a payment service provider for hotels, airlines, tour operators, travel agents and other ecommerce businesses throughout Africa, it is essential that we comply with the highest standards of security in the industry.”
Feinstein says Direct Pay Online had to provide evidence that hundreds of controls and safety features were implemented. These security measures cover everything from the physical security of its offices and data center to staff training, supplier agreements, firewalls, intrusion detection, and file integrity management.
“PCI DSS Level 1 compliance means that any credit card and customer private information we handle on behalf of our merchants and their customers is protected by multiple layers of security,” said Feinstein. “In addition to the anti-virus, security features and firewall protection that our customers expect, all sensitive information is encrypted, managed and stored based on the highest standards.”
Feinstein adds that many online payment service providers are likely to find PCI DSS compliance particularly onerous: “The standard defines bank-level security,” he says. “Currently only a handful of African businesses are certified, but we believe that this will rapidly become a basic requirement for doing business. Every merchant should verify that their payment service provider and their payment gateway are PCI DSS compliant – and if not, they should ask when they plan to become so. It is a very demanding process that takes at least 18 months to complete.”