PCI compliance used as blueprint for IT security


PCI compliance used as blueprint for IT security

Karl Flinders

Payment services company Total Web Solutions (TWS) has used the security procedures introduced in a Payment Card Industry Data Security Standard (PCI DSS) project to boost security across its business.

The company, which expects to process more than one million transactions, worth about £10m, for e-tailers by the end of the year, ­began the PCI compliance project to secure credit card data.

TWS has extended the project to its broadband and domain name services divisions, which used the PCI DSS as a blueprint to improve the security of their IT infrastructure. The divisions provide services to organisations, including the BBC, BT and Nationwide.

Miesha Vukasinovic, managing director at TWS, said the project allowed the firm to create security procedures to ensure defences are kept up to date. "It opened our eyes to where we can apply the same security mechanisms to other parts of our business and as a result we have deployed the same security policies."

He said TWS spent hundreds of thousands of pounds on a two-part project for the payment service business to become PCI-compliant. The company carried out an initial audit of security eight months before a PCI audit to give it time to overcome any shortfalls.

"We decided to do a pre-compliance audit, which allowed us to address certain security standards we could not meet quickly," said Vukasinovic.

The additional technologies adopted include multilayered firewalls, encryption, intrusion detection and prevention, as well as security procedures.

TWS implemented Ingrian's Data­secure Platform to encrypt data on its network.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy