I’m delighted to announce that BT Ireland has added another security certification to our impressive list. BT Ireland’s Citywest Data Centre is now Payment Card Industry DSS certified as a Level 1 Service Provider. This means our systems passed the most rigorous security requirements PCI DSS has to offer.
PCI DSS is an abbreviation for PCI Data Security Standard, the worldwide information security standard set by the Payment Card Industry Security Standards Council to help control and minimise points of risk of fraud or compromise of sensitive information. PCI compliance means that the policies and procedures a business uses to handle information adhere to the PCI DSS standard.
Why it matters
Card fraud rates are on the rise and it’s more critical than ever to implement and actively maintain effective fraud prevention solutions that address security and customer experience needs. According to new global benchmark data from ACI Worldwide (NASDAQ: ACIW) and Aite Group, 30 per cent of consumers globally have experienced card fraud in the past five years.
PCI DSS applies to businesses that store, transmit or process payment card data. They need to be PCI certified, and increasingly, they want to ensure their ‘providers’ – such as BT – are certified as well.
There has been some confusion surrounding whether data centres need to be PCI DSS compliant. From a data centre perspective, there is no direct requirement to be PCI compliant. However, when a hosted customer is going for PCI DSS compliance, the data centre needs to participate actively in the customer’s PCI programme. Ideally this means it should be compliant as well.
BT has a long history of working closely with our data centre customers to ensure a safe, compliant and successful hosting experience. We have been involved in many PCI audits, helping companies prove their compliance within the data centre.
We have now gone a step further and achieved our own certification for PCI DSS Version 3.2, making BT a Level 1 Service Provider.
Saving time and money
Keeping our customers secure and successful is the number one priority for BT. As a PCI compliant data centre, we have the responsibility to provide the physical, environmental, network and infrastructure security that customers need to protect sensitive cardholder data and meet PCI DSS compliance standards. Now, instead of participating in individual customer compliance programmes, we can simply provide our own certificates to our customers, saving time and money.
It’s important to note that a company located within a PCI compliant data centre is not automatically PCI compliant. Again, each merchant or company claiming PCI compliance must have, and be able to provide, its own attestation of compliance via an independent QSA (Qualified Security Assessor), detailing how its procedures for sensitive information follow the PCI standard.
Compliance is key
BT data centres comply with industry standards, so you can count on us to put the right controls, processes, and procedures in place to keep your assets in line with guidelines. Our Irish data centres are fully certified for ISO9001, ISO14001, ISO27001, and ISO20000, and we are dedicated to ensuring that we continue to develop and improve our processes to best support our customers.
With data integrity becoming more important for more businesses, especially those with sensitive business information, a PCI compliant data centre guarantees that relevant data is protected to optimal security levels. At BT data centres, we continue to make security one of our top priorities.