Menu
Fred Hollows NZ charts the complexities of payment card compliance

Fred Hollows NZ charts the complexities of payment card compliance

The PCI compliance regime is not new, but it is still challenging for user organisations

Charity Fred Hollows NZ needed help to achieve PCI compliance.

Charity Fred Hollows NZ needed help to achieve PCI compliance.

Credit: Supplied

Achieving payment card data security standards is complex, affecting not just the party receiving the payments but their service providers as well, charity Fred Hollows NZ has discovered.

Payment Card Industry (PCI) data security standards apply to all organisations that store, process or transmit cardholder data. 

"Our merchant bank, BNZ, advised us in 2017 that our volume of credit and debit card transactions had exceeded a threshold which resulted in us being considered as a level three merchant and brought us under a greater level of scrutiny," the foundation’s finance and operations director, Sharon Orr, said.

"We were given until September 2018 to demonstrate compliance with the standard."

The charity, which works in the Pacific to restore sight to the needlessly blind and vision impaired, needed to engage a qualified security assessor to help navigate and become compliant to give the foundation’s bank and donors the assurance that all cardholder data was protected.

“Becoming PCI compliant is a rather complex process,” said Orr. 

“We had to ensure that all the systems and procedures we were using to process credit card transactions met the requirements. 

"We also had to be sure that all our service providers - such as our web hosting company and IT service provider - together with our entire technology infrastructure also achieved compliance.”

PCI is also an evolving standard with changing focuses over recent years.

To ensure it was meeting compliance requirements and to address the complexity of its payment channels, the charity engaged a qualified security assessor, Confide, to assist.

During the process, it became apparent that improvements were required to the IT security measures in place within the organisation. Access controls had to be strengthened and threat detection and prevention mechanisms extended to deliver more thorough coverage.

Fred Hollows NZ worked with technology partner Tier4 to evaluate a range of security options before a decision was taken to implement a WatchGuard Unified Threat Management (UTM) appliance with WatchGuard Total Security Suite.

WatchGuard’s AuthPoint multi-factor authentication was also deployed to ensure secure remote access to centralised networks for mobile staff members.

 Deployment began in April 2018 and was completed within two weeks. 

Tier4 and Confide assisted with user training to ensure all staff were aware of IT security and the steps they needed to take to keep credit card transactional data safe.

As well as achieving compliance, the infrastructure has significantly strengthened the foundation’s overall cyber security. 

“Staff attitudes to IT security have also improved," Orr said. 

Read more: More businesses at risk of credit card data breaches: Verizon

While there was some initial resistance to the two-factor authentication system, people were now comfortable with it and it has become part of daily activity.



Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags PCI DSSPCIFred Hollows NZpayment card security

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments