Accreditation provides safe haven for payment merchants
LONDON, 9th December, 2009 – Star, a provider of on-demand computing and communication services to UK businesses, has announced that its UK data centres have achieved Payment Card Industry Data Security Standard (PCI DSS) compliance - the internationally recognised industry standard for payment account data security. Following a stringent accreditation process, which included interviews, data centre site visits and an assessment of Star's policies and procedures, Star's UK data centres in London, Bristol and Gloucester, are now PCI-DSS compliant, providing a clear indication of the high level of security that is in place at each of the facilities.
To achieve the PCI DSS security level, Star was required to meet requirements 9 and 12, which ensure the cardholders' data is safe, with secure access controls both on a physical and virtual level, as well as ensuring regularly monitored security settings and protocols are in place. The driver behind seeking this multifaceted security standard was to meet the growing demand from customers that store and send details such as credit card numbers, who need to be able to demonstrate that their hosting provider has the required level of physical and virtual environment compliance to store customer data. Star provides the secure physical environment and network services that helps customers to achieve their own compliance, as is required by law.
John Iball, Senior Product Manager for Security at Star comments: "As the financial industry re-focuses on payment card security, it is no longer just our customers that must demonstrate their compliance, but also their hosting providers need to meet the criteria. The protection of confidential customer data is at the forefront of all our services, this accreditation not only ensures that Star is compliant but also means that our customers are able to meet the standards, via Star, that they require on an individual basis. However, simply choosing a compliant service provider does not automatically make a business compliant. Moving forward, businesses will continue to seek those providers who have this proven level of security and we pride ourselves on being at the forefront of best practice measures when it comes to managing our customers' data."