TelstraClear embarks on PCI security project

AUCKLAND – Telecommunications provider TelstraClear is investing more than NZ$1 million (US$645,000) over two years to be one of first ISPs in New Zealand to be compliant with the PCI (Payments Card Industry) data security standards.

The project involves meeting 211 requirements and has two deadlines — June 2009 and September 2010, says TelstraClear CIO Andrew Crabb. By the end of June next year there can be no storage onsite of PIN numbers, credit card numbers or information from the metallic strips on credit cards, he says.

The $1 million investment, which will be mostly put into auditing and verification, aims to tighten online security of credit card details and ensure customers their information is secure, particularly when using Web applications and online self-service, says Crabb.

Internally, the project is not expected to interfere much with the business. The project is about how the organization treats any information or data, and this will be handled in the systems and the network, he says.

“It shouldn’t be visible in the day-to-day work practices,” he says.

TelstraClear is looking to become a PCI “Level 1” merchant and provider, which means that the requirements are “as stringent as they get”, says Crabb. There are different levels of criteria, and not meeting these will incur significant penalties.

The 211 requirements are divided into six main categories. These include building and maintaining a secure network; protection of cardholder data; maintaining an ongoing management program to ensure the organization is not vulnerable; implementation of access control measures; regular monitoring and testing; and maintaining an information security policy, he says.

The organization also needs to make some changes into firewalls to make sure any sensitive data that is transacted is encrypted, he adds.

TelstraClear is also planning to develop, and take to market, products to assist its business customers meet the PCI data security criteria, says Crabb. The standard will hit anyone who wants to take credit card payments, and smaller organizations may struggle to come up with the funds to go through the process, he says.

TelstraClear must have full certification proof of compliance by September 2010. The compliance process is governed by banks, in TelstraClear’s case BNZ, he says.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now