Cologne, 08 May 2008 – Pago eTransaction Services has become the first credit card acquirer to get PCI certification for the fourth time in succession. The Cologne based company has once again been awarded the Payment Card Industry Data Security Standard (PCI DSS) confirming that it offers its customers the best possible protection against data abuse. The global security and survey standard PCI DSS was invented by the PCI Security Standards Council, an institution which was founded by the leading international credit card organisations. The continually developing standard is the demand for all organisations who work with credit card information. The successful certification provides that the security level complies with the strict guidelines of the PCI Security Standards Council. Thereby consequential losses for a company can be reduced. “As one of the leading international acquirers and as a Deutsche Bank company, compliance with the highest safety standards has always been a priority for us,” said Dr. Markus Weber, Pago-s Managing Director. “In addition, we are continuously monitoring and improving all of our work flows.”
The PCI certification was carried out by SRC Security Research & Consulting GmbH, a joint security competency centre and consultancy for applications and technologies set up by the four German banking publishers, Bank-Verlag, Deutscher Genossenschafts-Verlag, Deutscher Sparkassen Verlag and VÖB-ZVD Bank für Zahlungsverkehrsdienstleistungen. “Pago fulfilled all of our requirements to an exceptional degree,” said Randolf Skerka, PCI auditor at SRC. “The PCI DSS security standard meets the most demanding levels.” The certification audit is carried out annually. SRC is the first organisation in the world to be accredited for the MasterCard Site Data Protection (SDP) and the Visa Account Information Security (AIS) programs.
Pago eTransaction Services passed the PCI certification review with flying colours. The audit includes organisational processes, access and log systems, communication and data infrastructure as well as development and security management. The PCI certification process also includes regular security scans of the internet interfaces and an intensive on-site security audit to check compliance with the security requirements.