Travel loyalty scheme Airmiles is on course to achieve
compliance with the Payment Card Industry Data Security Standard (PCI
DSS) in March following a 14-month
project.
The company, which has a turnover of £124m, has eight million
loyalty scheme members and processes 400,000 credit card
transactions a year.
Airmiles infrastructure manager Gavin Woolnough said the £400,000
PCI DSS project was the company's biggest single IT project in
its 19-year history. Although it was necessary to avoid fines from
credit card companies, the project was also an opportunity to
upgrade security.
"It is a good exercise because it allows us to better secure our
systems as a lot of the elements of compliance are about securing
the network and data," he said.
Simon Langley, head of PCI DSS at professional services firm
KPMG, said the retail sector was catching up with financial
services in security.
"In the financial sector, companies have done a lot because of
regulations, but retailers have not generally taken security
seriously unless something happens. But now they are being
compelled to address security issues they did not know they had,
they have woken up to the fact that security should have been
improved years ago," he said.
Airmiles had to add components to its existing infrastructure,
including new firewalls and an upgrade to its credit card
processing platform, supplied by Logic Group.
"We had to redesign the local area network and core systems that
process credit card payments. They used to sit on the Lan but they
are now separated on a secure network layer," said Woolnough.
In the latest stage of the project the company implemented an
encryption device from Ingrian Networks to secure data on the
network. Credit card data resting on internal systems is encrypted
so that it can only be viewed by those permitted to do so.