printer friendly version

Galix is PCI security assessor partner

Galix Networking (Galix), specialist in the design, implementation and management of communications and security infrastructure, has announced its certification as an accredited Payment Card Industry (PCI) Quality Security Assessor (QSA) partner. Galix joins the ranks of just nine QSA companies licensed to operate in Africa, and is one of only five QSA organisations with offices in South Africa.

The PCI Security Standards Council (SSC) offers robust and comprehensive standards and supporting materials to enhance payment card data security. QSA companies are organisations that have been qualified by the council to assess compliance to the PCI Data Security Standard (DSS). PCI DSS is aimed at enhancing security in the payment card industry, and forms a cornerstone in the fight against payment card fraud and theft. The standard outlines an actionable framework and best practice including prevention, detection and appropriate reaction to security incidents.

Any business, merchant or service provider that accepts credit cards, either online or offline, needs to be compliant with the DSS. Service providers including payment gateways, online retailers and any third parties involved in the storage and/or processing of card holder data must be audited by a QSA. Level one and two merchants, defined by the payment card brands according to the number of transactions processed per month, also require external auditing.

“There are many organisations that need to be compliant, which involves security management, policies, procedures, network architecture, software design and other critical protective measures amongst other aspects. The challenge is in knowing where to start with such a project. It is vital to understand what is within the scope and what is not, but this is easier said than done. In order to do this you need to know how cardholder data travels throughout systems, and identify every single system component that is involved in storing, processing or transmitting data,” says Simeon Tassev, MD of Galix Networking.

PCI DSS compliance involves a comprehensive checklist of 12 requirements, including building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management programme, implementing strong access control measures, regularly monitoring and testing networks and maintaining an information security policy. Each of these processes has several steps that should be followed, and under each of these steps are multiple criteria that need to be met for compliance.

Share this article:

Further reading: