COLOGNE, 20 April 2009 – Data security in online card payment transactions has made the headlines again. Only a short time ago US media reported on a historical data theft at a credit card service provider which affected hundreds of millions of customer transactions. This underlines how important it is to regularly monitor the security standards of companies which work with such data. Deutsche Card Services was recently awarded the PCI Security Certificate. The platform of Deutsche Card Services is the only payment platform which has received the coveted security certificate five times in a row. The security standard developed by the Payment Card Industry Security Standards Council (PCI SSC) confirms that the clients of the Deutsche Bank subsidiary and their customers enjoy the best possible protection against any misuse of sensitive data. The standard is regularly updated to meet the changing needs of the industry and is the benchmark for all organisations that process, store or transmit card information. The successful certification proves that the security is in line with the strict requirements of the payment Card Industry Data Security Standard (PCI DSS).
As one of the founders of the PCI Security Standards Council, the credit card organisation Visa is one of the leaders in the area of protection of sensitive credit card and transaction data. “With PCI DSS we create customer trust in the credit card as a modern and global payment method. Moreover, the certification and the related
examinations protect merchants against far-reaching risks,” says Ottmar Bloching, General Manager of Visa Europe in Germany. “Banks and retailers know that it is necessary to have their security systems certified; this is a useful precaution against organised crime, which tries to harm both businesses and consumers.”
Detlef Henkel, Chairman of the Management Board of Deutsche Card Services GmbH, says that, “for us, as a provider of international full-service solutions for non-cash, card-based payments and as part of the Deutsche Bank division Global Transaction Banking (GTB), it was a matter of course to implement the high security standards right from the beginning. Moreover, we regularly improve procedures in all security relevant areas in order to ensure that the PCI Data Security Standards are complied with.” While a PCI certificate is a necessity, Deutsche Card Services also provides solutions for merchants who do not want to undergo the certification procedure themselves. “If a merchant never gets in contact with the card data, the PCI problem will be irrelevant. This can be achieved by special interfaces with a graphical user interface (GUI). Consumers enter their card data on the merchant’s homepage directly into our interface and thus into our system,” explains Jens Mahlke, management director for Product Management. Deutsche Card Services can offer two such interfaces. The Smart Pay GUI interface is the most recent development; it offers even more advantages to merchants, for example a virtual terminal for mail-order business via the phone or the possibility to adapt it to the design of the merchant’s homepage.
A merchant’s cooperation with a PCI certified partner will increase consumer trust. At Deutsche Card Services, Security Research & Consulting GmbH (SRC) conducted the examinations for the PCI certification. It is the joint centre of competence and consulting company for security relevant applications and technologies of the four German publishers for the credit industry, Bank-Verlag, Deutscher
Genossenschafts-Verlag, Deutscher Sparkassen Verlag and VÖB-ZVD Bank für Zahlungsverkehrsdienstleistungen. “During our thorough examination, Deutsche Card Services fulfilled the requirements excellently,” says Randolf Skerka, PCI auditor at SRC. “The implementation of the PCI DSS was in line with the highest imaginable requests.” The certification examination takes place every year. It covers the organisation’s procedures, access and protocol systems,
communication and data infrastructure and the development and security management. In case of Deutsche Card Services, the PCI certification
examination includes quarterly security scans of the internet
interfaces and a security audit, i.e. a thorough examination of compliance with the security requirements at DeuCS.