Menu
Fred Hollows NZ charts the complexities of payment card compliance

Fred Hollows NZ charts the complexities of payment card compliance

The PCI compliance regime is not new, but it is still challenging for user organisations

Charity Fred Hollows NZ needed help to achieve PCI compliance.

Charity Fred Hollows NZ needed help to achieve PCI compliance.

Credit: Supplied

Achieving payment card data security standards is complex, affecting not just the party receiving the payments but their service providers as well, charity Fred Hollows NZ has discovered.

Payment Card Industry (PCI) data security standards apply to all organisations that store, process or transmit cardholder data. 

"Our merchant bank, BNZ, advised us in 2017 that our volume of credit and debit card transactions had exceeded a threshold which resulted in us being considered as a level three merchant and brought us under a greater level of scrutiny," the foundation’s finance and operations director, Sharon Orr, said.

"We were given until September 2018 to demonstrate compliance with the standard."

The charity, which works in the Pacific to restore sight to the needlessly blind and vision impaired, needed to engage a qualified security assessor to help navigate and become compliant to give the foundation’s bank and donors the assurance that all cardholder data was protected.

“Becoming PCI compliant is a rather complex process,” said Orr. 

“We had to ensure that all the systems and procedures we were using to process credit card transactions met the requirements. 

"We also had to be sure that all our service providers - such as our web hosting company and IT service provider - together with our entire technology infrastructure also achieved compliance.”

PCI is also an evolving standard with changing focuses over recent years.

To ensure it was meeting compliance requirements and to address the complexity of its payment channels, the charity engaged a qualified security assessor, Confide, to assist.

During the process, it became apparent that improvements were required to the IT security measures in place within the organisation. Access controls had to be strengthened and threat detection and prevention mechanisms extended to deliver more thorough coverage.

Fred Hollows NZ worked with technology partner Tier4 to evaluate a range of security options before a decision was taken to implement a WatchGuard Unified Threat Management (UTM) appliance with WatchGuard Total Security Suite.

WatchGuard’s AuthPoint multi-factor authentication was also deployed to ensure secure remote access to centralised networks for mobile staff members.

 Deployment began in April 2018 and was completed within two weeks. 

Tier4 and Confide assisted with user training to ensure all staff were aware of IT security and the steps they needed to take to keep credit card transactional data safe.

As well as achieving compliance, the infrastructure has significantly strengthened the foundation’s overall cyber security. 

“Staff attitudes to IT security have also improved," Orr said. 

Read more: More businesses at risk of credit card data breaches: Verizon

While there was some initial resistance to the two-factor authentication system, people were now comfortable with it and it has become part of daily activity.



Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags PCI DSSPCIFred Hollows NZpayment card security

Featured

Slideshows

Reseller News Platinum Club celebrates leading partners in 2019

Reseller News Platinum Club celebrates leading partners in 2019

The leading players of the New Zealand channel came together to celebrate a year of achievement at the annual Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months.

Reseller News Platinum Club celebrates leading partners in 2019
Reseller News hosts alumnae breakfast for Women in ICT Awards

Reseller News hosts alumnae breakfast for Women in ICT Awards

Reseller News hosted its second annual alumnae breakfast for the Women in ICT Awards in New Zealand, designed to showcase the leading female leaders in the industry. Held at The Cordis in Auckland, attendees came together to hear inspiring keynotes and panel discussions, alongside high-level networking among peers. Photos by Gino Demeer.

Reseller News hosts alumnae breakfast for Women in ICT Awards
Reseller News Innovation Awards 2019: meet the winners

Reseller News Innovation Awards 2019: meet the winners

Reseller News honoured the standout players of the New Zealand channel in front of more than 480 technology leaders in Auckland on 23 October, recognising the achievements of top partners, emerging entrants and innovative start-ups.

Reseller News Innovation Awards 2019: meet the winners
Show Comments