The Home of Payments
[Print]

Direct Pay Online Attains PCI DSS Level 1 Compliance Certificate

Published on Sep 1st, 2016

3G Direct Pay Limited, the leading Pan-African premier solution for online and mobile payments, has been certified as compliant with the security standards of the Global Payment Card Industry (PCI) Security Standards Council.  The PCI DSS LEVEL 1 certification is applicable to all their branches in Kenya, Tanzania, Zanzibar, Zambia, Uganda and Rwanda.

 

“The PCI DSS certification is a comprehensive best practices standard for managing any business that comes into contact with credit card information,” said Eran Feinstein, Managing Director, 3G Direct Pay Limited.  “As a payment service provider for hotels, airlines, tour operators, travel agents and other ecommerce businesses throughout Africa, it is essential that we comply with the highest standards of security in the industry.”

 

Feinstein says 3G Direct Pay Limited had to provide evidence that hundreds of controls and safety features were implemented. These security measures cover everything from the physical security of its offices and data centre, to staff training, supplier agreements,  firewalls, intrusion detection, and file integrity management.

 

“PCI DSS level 1 compliance means that any credit card and customer private information we handle on behalf of our merchants and their customers is protected by multiple layers of security,” said Feinstein.  “In addition to the anti-virus, security features and firewall protection that our customers expect, all sensitive information is encrypted, managed and stored based on the highest standards.”

 

Feinstein adds that many online payment service providers are likely to find PCI DSS compliance particularly onerous:  “The standard defines bank-level security,” he says.  “Currently only a handful of African businesses are certified, but we believe that this will rapidly become a basic requirement for doing business.  Every merchant should verify that their payment service provider and their payment gateway are PCI DSS compliant – and if not, they should ask when they plan to become so.  The process takes at least 18 months of serious effort.”