BancNet, the country’s largest multi-channel electronic payments network, has been certified to be compliant to the Payment Card Industry Data Security Standard (PCI DSS), a global data security standard. BancNet becomes the first multi-channel payment network in the local banking industry to be certified PCI DSS –compliant and joins the ranks of compliant companies around the world.
PCI DSS is used by all major card brands as the common security standard for their compliance programs. These brands are VISA, MasterCard, American Express, Discover, and JCB. All organizations or merchants that accept, process, or transmit cardholder data of their customers must comply with PCI DSS. Cardholder data are all personally identifiable information associated with the cardholder such as bank account number, personal identification number (PIN), birthday, etc. The required policies and procedures, set in 2004, aim to achieve six goals: 1) to build and maintain a secure network, 2) to protect cardholder data, 3) to maintain a vulnerability management program, 4) to implement strong access measures, 5) to regularly monitor and test networks, and 6) to maintain an information security policy.
BancNet president Roberto P. Blas said, “Our compliance to PCI DSS strengthens our network’s security reputation in the industry. It assures credit and debit cardholders of our member banks and of our partner international networks that their personal information that pass through the BancNet switch is protected from misuse.”
“Vigorously implementing data security standards is important as our domestic cardholder base continues to grow rapidly and as more foreign cardholders visit our country,” adds Blas.
As of end of 2014, there were about 67.6 million ATM/debit cardholders in the country. Last year, BancNet processed nearly half a billion switched transactions including close to 2 million cash withdrawals using foreign-issued cards.
The PCI DSS assessment of BancNet covered payment processing through its electronic channels namely, the ATM, terminal at point of sale(POS) and online payment gateway (BancNet Online)which includes mobile banking. BancNet’s clearing and settlement system was also evaluated and passed rigid tests. Both its main data center and back-up center were covered by the review.
The compliance certificate was issued by Control Case, LLC, a U.S.-based Qualified Security Assessor Company (QSAC) certified by the PCI Security Standards Council, an independent body that administers and manages PCI DSS.
