Managed security service provider, Earthwave , announced that it has gained the PCI DSS (Payment Card Industry Data Security Standard) Attestation of Compliance, making it the only Australian MSSP (Managed Security Services Provider) with the accreditation. The PCI DSS (Payment Card Industry Data Security Standard) secures cardholder payment data that is stored, processed or transmitted by merchants and processors.
Since 2007 all Australian businesses handling cardholder data irrespective of size have been mandated to comply with these strict security standards drawn up by the world’s major credit card companies, however, many business have ignored the directive until recently when the payment card brands started to enforce hefty fines for non compliance. Furthermore, recent changes to the standard insist that any merchant outsourcing their security infrastructure management, such as firewall and IPS systems to a managed security service provider must also ensure their preferred MSSP is certified.
Carlo Minassian, CEO, Earthwave, added “As the volume of security threats continues to rise, hacking and phishing attacks continue to devastate Australian businesses, and more organisations report lost or compromised customer data; it is crucial that organisations dealing with and storing customer credit card information take due care and are compliant with the PCI DSS code to ensure customer data is protected. Since gaining this validation earthwave has received a number of enquiries from clients who require their MSSP to be certified under the amended code.”
The compliance assessment for Earthwave was carried out by Bridge Point Communications which took two months to complete. “The PCI DSS is a multifaceted security standard that includes necessities for security management, policies, procedures, network architecture, software design and other critical protective measures. PCI DSS specifies 12 requirements entailing many security technologies and business processes, and reflects most of the usual best practices for securing sensitive information. During the assessment process, earthwave achieved all these requirements and was awarded the certificate.” said Daryl Haines, Qualified Security Assessor, Bridge Point.
With this level of compliance Earthwave can provide managed security services for any clients requiring the PCI DSS certification as well as carrier neutral Clean Pipes, Secure Hosting and Secure Internet Gateway services. The earthwave Secure Internet Gateway has also achieved certification to the Highly Protected classification level by the Defence Signals Directorate (DSD), Australia's national authority for information security.