08/11/2011

Protecting your credit card details

A major milestone has been reached in the acceptance of An Post as fully compliant with the Payment Card Industry Data Security Standard (PCI DSS).

The Payment Card Industry Data Security Standard is a global data security standard first published in 2006 by the Payments Card Industry Security Standards Council. This council was formed as a joint forum of the major international card schemes - Visa, MasterCard, Discover, JCB and American Express with the intention of developing one set of common security standards for all organizations handling credit and debit card information.

The objective of the standard was to reduce electronic theft of customer card information and fraud. Fraud involving credit cards had exploded throughout the 1990s and into the new millennium due to vastly increased usage and the arrival of the Internet for online shopping. Many online traders had been subjected to well publicised hacking attacks which had resulted in the credit card details of in some cases millions of customers being stolen. Some of the more famous examples of these are TJ Max (card details of 40 million customers stolen) and 7-Eleven (140 million customers affected).

Compliance with the PCI DSS is mandatory for all organisations accepting and processing payment card data including retailers such as An Post and a range of penalties can be imposed by the card schemes for non-compliance. An Post’s PCI DSS compliance project has been on-going for the past three years with every aspect of the business where card payments are scrutinised in detail. A significant change program requiring in excess of 3,000 man days of effort from An Post IT, PCI and multiple An Post business sections has been completed. A statement of full compliance was finally issued in July of this year to An Post by Elavon who provide An Post with card payment acquiring services.

According to John Cronin, Group Chief Information Officer, An Post, achieving PCI DSS compliance is a major challenge for any organisation of An Post’s size: “It is particularly satisfying to see this milestone being reached. The successful completion of the project also testifies to the potential for future crossorganisational projects of significant complexity involving both business and Information Technology specialists within An Post.”

Back