CCAP introduces new security standards

MANILA, Philippines - The Credit Card Association of the Philippines (CCAP) is laying down a number of security standards in the light of more sophisticated card fraud.

CCAP executive director and spokesperson Alex Ilagan said the group’s 13 members are aligning their systems in compliance with the Payment Card Industry Data Security Standards (PCI DSS), ultimately benefiting consumers as it increases the protections for cardholders against identity theft.

“CCAP’s member banks will comply with the standards to increase their control over cardholder data, thus reducing fraud through exposure. He added it also provides an actionable framework for developing a robust account data security process, including preventing, detecting and reacting to security incidents,” Ilagan said.

PCI DSS originally began as separate programs by Visa, MasterCard, American Express, Discover, and JCB – all of these eventually coalescing to create an additional level of protection for card issuers.

By December 2004, these credit card companies aligned their own policies to create the PCI DSS.

Ilagan said the security standard is comprised of 12 main requirements of compliance, which is organized into six logically related groups called control objectives.

First, PCI DSS requires card issuers to have a well-maintained security network, in which transactions can be smoothly conducted without causing any undue inconvenience to cardholders and merchants.

“For the second objective, cardholder information must be protected wherever it is stored. Vital data such as dates of birth, phone numbers and mailing addresses should be secured against hacking. When cardholder data are transmitted, that data must be encrypted in an effective way,” Ilagan described.

The third objective is to protect all card issuers’ systems against the intrusion of malicious hackers, by frequently updating their anti-virus software, anti-spyware programs as well as other anti-malware solutions.

By complying with PCI DSS, issuers must have restricted and controlled access to system information and operations, that requires every person who uses a computer in the system to be assigned a unique and confidential identification name or number.

Fifth, networks must be constantly monitored and regularly tested to ensure that all security measures and processes are in place, are functioning properly, and are kept up-do-date.

Finally, a formal information security policy must be defined, maintained, and followed at all times and by all participating entities.

CCAP revealed that key benefits of being PCI DSS compliant are being able to build as well as maintain a secure business network that is less prone to system or security breaches, it also gives customers peace of mind knowing that their information is secure. ??

“This will improve customer trust and loyalty and reputation of the company, and guarantee its brand will be protected,” Ilagan said.