Communication, commitment and compliance key to data security
17 January 2017

In an increasingly online world, data security is a hot topic.  For customers to transact with an organisation either online or via a contact centre, they need to be confident their payment details are secure and will not be compromised.  As a result, ensuring the security of personal information has become a business in itself, with a culture of security providing a competitive advantage and boosting the reputations of those businesses employing it.

For a company like Debitsuccess that prides itself on innovative technology, award-winning customer service and dealing with sensitive information, data security is crucial.  To ensure this, we focus on three key areas:

Communication

Company ‘buy-in’ at all levels is imperative.  Data security must be a high priority for everyone in the organisation – not just those handling sensitive information.  It should be communicated through all available channels clearly and frequently.

All our staff receive regular data security training and we have detailed policies and procedures in place to ensure such information is dealt with appropriately.  We have also created secure environments in our workplace that deal specifically with this data, including a secure room (complete with cameras) and staff IDs that allow selected access.

Commitment

Ongoing management of the security of personal information takes focus and commitment.  Some organisations attempt to achieve compliance by satisfying a checklist.  However, this approach is not sustainable, because the structures and processes required to continually adapt to an ever-changing data protection landscape have not been adequately implemented.

To ensure we are continually exceeding high standards of data security, we are audited annually by an independent external auditor.

Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognised commercial compliance standard for organisations that store, process or transmit credit cardholder information.  Established in 2004 by five major international credit card companies, it represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. 

PCI DSS compliance is validated at four levels, depending on transaction volumes.  Companies at Levels 3 and 4 can self-assess, Level 2 can self-assess or be externally audited, and Level 1 must be externally assessed, with approximately 380 mandatory controls.  These include building and maintaining a secure network, protecting cardholder data, regularly monitoring and testing networks, implementing data security awareness training with employees and maintaining an Information Security Policy.

Debitsuccess has been accredited with the highest PCI DSS compliance rating (Level 1) for five years running, maintaining our standing as an industry leader in data security for financial transactions and giving our clients and their customers peace of mind.

The importance of data security

Significant data security measures demonstrate an organisation’s commitment in this area.  They provide various advantages, from helping businesses respond to and mitigate potential data security breaches and cyber security attacks, to assisting customers to become more efficient, which in turn leads to an improved bottom line.

Our data security efforts underscore the significance we place on such measures and illustrate to all our stakeholders that we take our responsibility as a trusted credit card and direct debit billing services provider seriously.