The security standard, which was introduced by the major five card brands to combat fraud asks all merchants to secure their processes, systems, policies and procedures at every step of the payment card process to protect against the risk of cyber criminals accessing sensitive customer data, and requires rigorous compliance and assessment.
For NetBenefit the PCI accreditation marks the end of a comprehensive project to attain high security in payment standards across its managed hosting facilities and enables it to provide merchants with a purpose built hosting environment that will meet the stringent requirements of the Standards Council.
“The 12 requirements of PCI DSS compliance can be quite daunting for any merchant”, explains Darren Wiltshire, Head of Engineering, NetBenefit. “NetBenefit has worked through all of the steps as both a merchant and a service provider which means we understand the full scope of the project.
“We wanted to be able to offer our customers a PCI DSS compliant solution that can scale with their requirements from customers using payment gateways all the way up to merchants who manage the payment process themselves”, added Wiltshire. “We have addressed as many of the requirements as possible in delivering the PCI compliant hosting environment so that customers can concentrate on their own systems, processes and policies.”
Kevin Dowd, Director of Security Assessment, CNS added “By attaining the service provider accreditation, NetBenefit has demonstrated that its processes, systems, policies and procedures comply with the relevant requirements and can now provide a comprehensive PCI DSS compliant environment to its customers seeking PCI DSS as a merchant.”
The PCI DSS compliance standard was introduced by the PCI Security Standard Council - an organisation founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa to combat fraud. High profile cases in the US have seen over a hundred million credit and debit card details compromised by attacks on the systems of just one retailer.
Such cases can create substantial financial risk for the card brand and merchant alike but they also pose a considerable threat to the merchant’s brand with the resulting consumer loss of trust in buying online from the retailer or at all. Whilst PCI compliance is not a legal requirement in the UK, banks are levying substantial fines and increasing transaction charges to drive compliance within the community.
Ultimately they also have the ability to stop the merchant from trading by withdrawing their services as an acquiring bank.
NetBenefit is a leading managed hosting provider whose clients include The National Archives, The New Statesman, Polar, The Hospital Club and Kiddicare.
NetBenefit is part of London listed Group NBT, which has over 290 employees worldwide with offices in London, Copenhagen, New York, Nice, Munich, Zurich, and Oslo.
Other Group NBT brands include NetNames, Easily.co.uk, Speednames, Ascio and Envisional.
About CNS (Convergent Network Solutions Ltd)
CNS is a PCI DSS Qualified Security Assessor (QSA), CESG CHECK & CLAS Consultancy & ISO27001 Lead Auditor providing advisory, project and managed information assurance and compliance services.