Payment services company Total Web Solutions (TWS) has
used the security procedures introduced in aPayment Card Industry Data Security Standard(PCI DSS) project to boost security across its
business.
The company, which expects to process more than one million
transactions, worth about £10m, for
e-tailers by the end of the year, began the PCI compliance
project to secure credit card data.
TWS has extended the project to its broadband and domain name
services divisions, which used the PCI DSS as a blueprint to
improve the security of their IT infrastructure. The divisions
provide services to organisations, including the
BBC, BT and Nationwide.
Miesha Vukasinovic, managing director at TWS, said the project
allowed the firm to create security procedures to ensure defences
are kept up to date. "It opened our eyes to where we can apply the
same security mechanisms to other parts of our business and as a
result we have deployed the same security policies."
He said TWS spent hundreds of thousands of pounds on a two-part
project for the payment service business to become PCI-compliant.
The company carried out an initial audit of security eight months
before a PCI audit to give it time to overcome any shortfalls.
"We decided to do a pre-compliance audit, which allowed us to
address certain security standards we could not meet quickly," said
Vukasinovic.
The additional technologies adopted include multilayered
firewalls, encryption, intrusion detection and prevention, as well
as security procedures.
TWS implemented Ingrian's Datasecure Platform to encrypt data
on its network.