Businesses warned of non-compliance penalties as deadline looms
Sydney – 20 November 2008 – As Australian businesses face a looming deadline to achieve and report compliance with Payment Card Industry Data Security Standards (PCI DSS), Macquarie Hosting, a division of Macquarie Telecom, today announced it has achieved its Report On Compliance (ROC) to the highest level of PCI DSS for its Sydney data centre, the Intellicentre.

Macquarie Hosting is the first and only dedicated hosting provider in Australia to achieve PCI DSS compliance and operates the most highly certified data centre in Australia.

Macquarie Hosting’s report of compliance was issued today by Vectra Corporation, a qualified security assessor endorsed by the PCI Security Standards Council.

The PCI DSS is a mandatory IT security standard established by the five major payment brands for organisations that store, process and transmit cardholder information.

From January 2009, PCI DSS compliance status reporting will be strictly enforced by issuing banks for any organisation, including online businesses that handle cardholder information including customer names, card numbers, expiry dates or limits. Non-compliance can result in substantial fines or suspension of a business’ merchant account facility.

For Macquarie Hosting’s online transaction based customers, the PCI accreditation means they can now report use of a PCI compliant web hosting provider and thus meet required standards of the PCI DSS without the need for ongoing management and maintenance of their own infrastructure. This saves time and resources in the IT team.

Aidan Tudehope, Managing Director, Macquarie Hosting said, “Customer feedback has shown that the cost and resource requirements to achieve and maintain PCI Compliance are a significant burden for many mid-sized businesses.

“In our experience it can take months and hundreds of thousands of dollars to achieve compliance for an enterprise class data centre which, in the current tight economic circumstances, can be unfeasible for medium businesses. As a specialist working with leading online transaction based organisations, we saw PCI compliance as an absolute must for Macquarie Hosting to help our customers prepare for their reporting deadlines.”

Every bank that issues payment cards is required to enforce the PCI DSS by the Payment Card Industry Data Security Standards Council governed by the five largest credit card companies: Visa International, MasterCard International, American Express, Discover and JCB.

PCI compliance is a rigorous standard to achieve and maintain. Macquarie Hosting’s accreditation recognises that it can now provide services to meet the six major principles specified for compliance, validated by PCI DSS security assessors annually. These requirements are:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy

This latest accreditation reinforces the Intellicentre as the most highly certified data centre in Australia. It adds to Macquarie Hosting’s existing accreditations that include full DSD certification to the level of highly protected and ISO 27001 ISMS certification.

“Figures on the value of online fraud using Australian credit cards continue to soar according to the Australian Payments Clearing Association, reaching a record high of $40 million between 2006 and 2007.”

“Implementing global best practice PCI standards to mitigate risks and maintain control in these circumstances is vital for businesses to protect customer security. Macquarie Hosting is able to deploy solutions to ensure the long term success of these businesses. Our approach is about building a sustainable PCI compliance program, not just looking at PCI compliance as a standalone check-list.”

- Ends -

Contact Macquarie Hosting for more information on PCI DSS compliance.