PCI DSS Compliance: Africa Data Centre Nairobi (formally known as East Africa Data Centre) is officially Payment Card Industry Data Security Standard (PCI DSS) compliant.
The centre is the first neutral data centre to be certified PCI DSS in Nairobi, and this, together with Uptime Institute Tier III and ISO 27001 certification, is an industry-first edge in East Africa.
“Our Nairobi Africa Data Centre facility now meets all of the necessary security requirements prescribed by the PCI DSS,” says Stephane Duproz, CEO of Africa Data Centres. “This means that over and above the access controls for our actual facility, we are PCI compliant and able to offer our customers trusted and secure support for all credit card transactions processed online.”
In addition, he says Africa Data Centres Nairobi will be proud to engage a lot more with the banking and financial services sectors as this new affirmation that it has met security standards for the payment card industry has been formalised.
PCI DSS’s main aim is to lower the risk of debit and credit card data loss in the event of a security incident. “It provides standards for how breaches can be prevented and detected, and how to react in the event of a security incident. It also provides protection for merchants and cardholders alike, and reassures customers that a Web site is safe and secure,” explains Duproz.
However, this compliance is more than just a tickbox exercise. Dan Kwach, General Manager East Africa for Africa Data Centres explains: “At Africa Data Centres, we believe that facilitating an environment where security and compliance are integral to everything we do, and not simply another hassle, is key to our success. When it comes to security, every standard and measure helps, and while there is no silver bullet, ongoing compliance checks when done appropriately help to harden the environment, and improve the security posture of the facility as a whole.”
“This is the cherry on the top for us, as we are already ISO 27001 certified, and conduct regular surveillance audits to ensure we remain compliant,” he adds.
“For us, compliance is not only about preventing problems and ensuring that everyone is abiding by the law, as well as rules and regulations. What is more important, is the positive effect a robust compliance program can have on our business, and therefore our clients’ businesses too,” Kwach concludes.
PCI DSS standards were created in 2004 by the founding members of the PCI Security Standards Council to keep the growing number of high-profile security breaches in check. These companies include American Express, MasterCard Worldwide and Visa among several others.”