Business

Why banks are yet to attained PCI DSS compliance, by Microsoft

The software giant, Microsoft has said that part of the reason many financial institutions in the country have not yet attained PCI DSS compliance is because of challenges inherent in it which it said can significantly affect the organization’s business processes, service architecture, and technology solutions.

“Ultimately, it is a lifecycle-wide approach”, Ade Famoti, Enterprise Solutions Director, Microsoft Nigeria, said, adding that , “Many organizations find that the time, resource and process costs associated with PCI DSS compliance limit their ability to implement a secure development process. “This is where we come in – helping businesses address PCI DSS security requirements when creating software or systems, while speeding adoption of the security development lifecycle in their organizations

“ Microsoft products help organizations address these PCI-DSS implementation challenges, through native product capabilities that specifically address PCI-DSS Security and Compliance Management. Microsoft also offers best practices about how to plan, deploy, and effectively monitor for PCI-DSS compliance” Famoti said.

For the Director of Cards, Central Bank of Nigeria, Chidi Umeano, “Credit card fraud is rife in Nigeria, and if consumers aren’t adequately protected they will lose trust in their banks and the local e-commerce industry, and will be hesitant to make electronic payments instead of using cash. Everybody will lose out if this happens.”

He said that the migration from magstrip cards to pin and chip cards has drastically reduced the level of credit card fraud in Nigeria.

“However, this alone is not enough – the potential damage caused by credit card fraud means that we need to be vigilant and continuously work towards a goal of zero risk to the consumer. Besides, the PCI DSS is another step in the right direction. I therefore urge all banks in Nigeria to start taking the necessary steps to achieve compliance”., he said.

Although many banks are on their way to becoming a cash-less economy, but banks that fail to attain the Payment Card Industry Data Security Standard (PCI DSS) by the deadline of end December 2012, were placing consumers at risk.

The PCI DSS security standard was developed to ensure the prevention, detection and appropriate reaction to security incidents by all providers handling and storing cardholder information.

The Central Bank of Nigeria set the deadline for compliance for December 2012, but at this stage, only about 15 banks were working or leveraging components of Microsoft products to meet PCI DSS compliance.

The PCI DSS originated in 2004 in response to security breaches, when major credit card companies – American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International -founded the Payment Card Industry (PCI) Security Standards Council.

Microsoft offers best practices on how to plan, deploy, and effectively monitor for PCI-DSS compliance. Microsoft’s rich set of products offers proven methods that organisations can use to effectively move closer to compliance end-state using recommended security baselines and capabilities in Windows 7® Bitlocker, Exchange Server 2007/2010 native TLS encryption, Windows Rights Management Services (WRMS), System Center, Forefront, SQLServer, Windows Server Data Classification Toolkit, TMG Firewall and Windows Active Directory.