GHL claims greater cardholder security with PCI-DSS certification

• PCI-DSS applies to e-payment solutions providers that supply the infrastructure to route and/ or store cardholder data
• GHL invested more than RM1 million to upgrade its infrastructure and changed operating procedures to fulfil criteria

END-to-end electronic payment solutions and services provider GHL Systems Berhad said it obtained PCI-DSS (Payment Card Industry - Data Security Standards) compliant status on Sept 3.
 
PCI-DSS applies to electronic payment solutions providers that supply the infrastructure to route and/ or store cardholder data in the processing of credit cards transactions. This comprehensive standard is intended to help organizations proactively protect customer account data, GHL said in a statement.
 
GHL’s PCI-DSS certification covers its data center's entire core data network known as N3Net, where GHL collects and routes credit card transactions across and between merchants and banks. This includes all GHL’s NETAccess products and its nationwide remote N3Net nodes, the company said.
 
“Many banks rely on our N3Net payment network infrastructure to enable merchants … to accept credit card and ATM debit card payments from consumers,” said GHL executive director K.K. Ng (pic).
 
“While GHL has always adhered to the highest levels of card data protection, the present PCI-DSS certification formally recognizes that fact. Banks, merchants and the general public can be rest assured; when they use a GHL payment terminal or network, their transaction data will be protected and kept safe.”
 
According to Ng, the company invested more than RM1 million (US$327,000) to upgrade its infrastructure and changed operating procedures to ensure that its clients are assured of the highest levels of security for electronic transactions.
 
“The PCI-DSS standard comprises 12 distinct requirements and we took seven months to complete the change,” he added.
 
The PCI-DSS standard is a multi-faceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures, GHL said.
 
The PCI-DSS certification attests that GHL’s N3Net infrastructure complies with the highest security standards in handling cardholder data as defined by PCI standards security council which comprises Visa, MasterCard, Discover, American Express and JCB, the company added.
 
The 12 criteria which GHL fulfilled in order to achieve the certification include building and maintaining a secure network; protecting cardholder data; maintaining a vulnerability management program; implementing strong access control measures; regularly monitoring and testing networks; and maintaining an information security policy.
 
“In addition to assuring clients of the highest security standards in handling cardholder data, our PCI-DSS certification is also highly significant as it means that GHL now has the products to assist other service providers and financial institutions become PCI-DSS compliant,” Ng said.