Direct Pay Online Group Awarded The First Pan Africa PCI DSS LEVEL 1 Compliance Certificate
3G Direct Pay Group, the leading Pan-African premier solution for online and mobile payments, has been certified as the first company compliant with the security standards of the Global Payment Card Industry (PCI) Security Standards Council. The PCI DSS LEVEL 1 certification is applicable to all their branches in Kenya, Tanzania, Zanzibar, Zambia, Uganda and Rwanda.
“The PCI DSS certification is a comprehensive best practices standard for managing any business that comes into contact with credit card and other online payments information,” said Eran Feinstein, Managing Director, 3G Direct Pay Group. “As a payment service provider for hotels, airlines, tour operators, travel agents and other ecommerce businesses throughout Africa, it is essential that we comply with the highest standards of security in the industry. We are delighted to be the first in Africa to have this certificate.”
Feinstein says 3G Direct Pay Limited had to provide evidence that hundreds of controls and safety features were implemented. These security measures cover everything from the physical security of its offices and data centre, to staff training, supplier agreements, firewalls, intrusion detection, and file integrity management.
“PCI DSS level 1 compliance means that any credit card and customer private information we handle on behalf of our merchants and their customers is protected by multiple layers of security,” said Feinstein. “In addition to the anti-virus, security features and firewall protection that our customers expect, all sensitive information is encrypted, managed and stored based on the highest standards.”
Feinstein adds that many online payment service providers are likely to find PCI DSS compliance particularly onerous: “The standard defines bank-level security,” he says. “Currently only a handful of African businesses are certified, but we believe that this will rapidly become a basic requirement for doing business. Every merchant should verify that their payment service provider and their payment gateway are PCI DSS compliant – and if not, they should ask when they plan to become so It is a very demanding process, that takes at least 18 months to complete.”