EDS, an HP company, achieves top-level payment card security compliance
ASIA PACIFIC, August 12, 2009 – EDS, an HP company, announced today that its processing facility, the Regional Cards & Payment Utility (RCU) in Australia, has successfully achieved the highest level of security compliance to the Payment Card Industry (PCI) Data Security Standard.¹ By achieving this level of compliance, EDS will help clients reduce the risk of fraudulent use of payment card information and the threat of theft of cardholder data by enhancing the security of stored data.
The PCI Data Security Standard is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This standard was developed to help organisations that process card payments prevent fraud, hacking and other security threats. The PCI Data Security Standard is overseen by the PCI Security Standards Council, an open, global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
“Enhancing and sustaining the confidence customers have in the security of the payments system is critical for the banking and payments industry. This, along with the expense associated with fraud and other security issues, are major points of focus,” said Stephen Karpin, Executive General Manager Credit Cards, Commonwealth Bank of Australia. “By using the EDS processing facility, the Commonwealth Bank is able to offer our customers superior levels of security and better defend against fraud.”
EDS processes approximately 30 percent of all acquired credit transactions in Australia, making it a PCI Level One Service Provider. As a result it must meet the most stringent compliance to the PCI Data Security Standard.
To achieve certification, a global team from EDS designed the utility’s network, storage and security architecture to meet PCI Data Security Standard requirements. The solution is based on providing PCI-compliant security and management functions to systems for multiple clients hosted within isolated network compartments.
“All companies that process, store and transmit credit card information must maintain a secure environment that minimises the risk of security vulnerabilities,” said Dee McGrath, director of cards for Asia Pacific at EDS, an HP company. “Achieving this level of compliance enables our clients the best possible security available for their cardholders.”
EDS launched its Regional Cards & Payment Utility processing facility in Australia in September 2007 with the Commonwealth Bank as its first client. Servicing the Asia Pacific region, RCU gives banks and other credit providers access to the latest technology and business systems under a shared services, pay-per-use model.
EDS, an HP company, is a leading global technology services provider, delivering business solutions to its clients. EDS founded the information technology outsourcing industry nearly 50 years ago. Today, EDS delivers a broad portfolio of information technology, applications and business process outsourcing services to clients in the manufacturing, financial services, healthcare, communications, energy, transportation, and consumer and retail industries, and to governments around the world.
HP, the world’s largest technology company, simplifies the technology experience for consumers and businesses with a portfolio that spans printing, personal computing, software, services and IT infrastructure.
More information about HP (NYSE: HPQ) is available at http://www.hp.com/.
¹ Certification requires annual on-site audits by certified Qualified Security Assessors and quarterly network scans by certified Approved Scanning Vendors.
EDS and the EDS logo are registered trademarks of Hewlett-Packard Development Company, LP.
HP is an equal opportunity employer and values the diversity of its people. © 2009 Hewlett-Packard Development Company, LP
About PCI DSS
The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organisations proactively protect customer account data.
The PCI Security Standards Council will enhance the PCI DSS as needed to ensure that the standard includes any new or modified requirements necessary to mitigate emerging payment security risks, while continuing to foster wide-scale adoption.
Ongoing development of the standard will provide for feedback from the Advisory Board and other participating organisations. All key stakeholders are encouraged to provide input during the creation and review of proposed additions or modifications to the PCI DSS.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organised:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
To further the adoption of the PCI DSS, the PCI Security Standards Council defines credentials and qualifications for QSAs and ASVs. The PCI Security Standards Council also manages a global training and certification program for QSAs and ASVs, and will publish a directory of certified providers on its Web site.