Photo - K.K. Ng, executive director, GHL.
Malaysian end-to-end electronic payment solutions firm GHL has obtained PCI-DSS (Payment Card Industry - Data Security Standards) compliant status.
Speaking on 8 November 2012, GHL executive director K K Ng said the certification covers its data centre's entire core data network known as N3Net, where GHL collects and routes credit card transactions across / between merchants and banks. This includes all GHL's NETAccess products and its nationwide remote N3Net nodes.
"GHL's PCI-DSS certification covers its N3Net infrastructure which comprises of two data centres and its nationwide nodes, which collects and routes credit card transactions across / between merchants and banks. The certification was obtained on 3 September 2012," Ng said.
"GHL is the largest provider of managed payment network infrastructure in Malaysia," he said. "Many banks rely on our N3Net payment network infrastructure to enable merchants in both East and West Malaysia to accept credit card and ATM debit card payments from consumers. We operate through four regional centres nationwide.
"While GHL has always adhered to the highest levels of card data protection, the present PCI-DSS certification formally recognises that fact. Banks, merchants and the general public can rest assured; when they use a GHL payment terminal or network, their transaction data will be protected and kept safe."
He said the company invested more than RM1 million (US$328,000) upgrading its infrastructure and changing operating procedures to ensure that its clients are assured of the highest level of security for electronic transactions. "The PCI-DSS standard comprises of 12 distinct requirements and we took seven months to complete the change."
"In addition to assuring clients of the highest security standards in handling cardholder data, our PCI-DSS certification is also highly significant as it means that GHL now has the products to assist other service providers and financial institutions to be PCI-DSS compliant," Ng said.
PCI-DSS applies to electronic payment solutions providers that supply the infrastructure to route and / or store cardholder data in the processing of credit cards transactions. This comprehensive standard is intended to help organisations proactively protect customer account data.
Sign up for CIO Asia eNewsletters.