LankaClear, the operator of the LankaPay National Payment Network, has continued to build on the trust already established within the financial sector by successfully completing the recertification process for the Payment Card Industry Data Security Standard (PCI-DSS), version 3.2. Last year, LankaClear became the first entity in Sri Lanka to obtain this certification, which is subject to an annual audit process with stringent conditions and guidelines. For a payment network, certifying with PCI-DSS is to reach the zenith of international data security standards, and LankaPay has further demonstrated its commitment to adhering to the highest security standards by completing the process once again.
As a safeguard for the payment industry in the face of rising payment card data breaches the world over, the Payment Card Industry Security Standards Council (PCISSC), the governing body of PCI-DSS, was established in 2006 by the world’s leading international card schemes. PCI-DSS applies to entities that process, store, transmit or access cardholder information for major debit, credit, prepaid, ATM and POS cards. The Standard consists of 12 high-level requirements across six categories. Some or all of the 12 may be applicable to an entity depending on the nature of its business as well as whether or not it stores card data. PCI-DSS certification involves a rigorous and exhaustive audit process that encompasses the entire operation of entities that store, process, or transmit cardholder data. However, any entity that shows consistent commitment to PCI-DSS will prove how seriously it takes the security of its customers’ cardholder data.
“Considering the alarming number of security incidents the world over, which is growing by the day, ensuring data security is of paramount importance to any organization. Hence, obtaining an internationally acclaimed topmost security standard, such as PCI-DSS, certainly signifies the organization’s commitment towards minimizing security risks against the backdrop of a rising tide of data security breaches. The enormous cultural shift, in terms of people and processes, which our organization went through to achieve this certification, is a clear testament to the brand promise of LankaPay as “The Trusted national Payment Network”. Maintaining this exhaustive international benchmark, by getting recertified, is an ongoing process and the organization has to be continually vigilant and ready to face any security eventuality,” said Mr. Channa de Silva, General Manager/CEO of LankaClear.
PCI-DSS is not in any way a static standard, but one that evolves with the continuously changing threat landscape worldwide. Hence, an organization that achieves certification once cannot be complacent and assume that its recertification is guaranteed at the next annual re-audit. Obtaining the initial certification is only the beginning of a continuous journey and a stringent process in which an organization is subject to quarterly audits and an annual re-audit in order to confirm recertification. When an organization continues to be certified, best security practices become embedded in its culture, maintaining the highest level of standards throughout the organization. Achieving PCI-DSS compliance may seem like an expensive, time-consuming process, but it encourages better security practices and thereby avoids the massive costs associated with major breaches.
Highlighting the importance of maintaining the highest level of security standards, Mr. Lal Dias, CEO of Sri Lanka CERT|CC said: “Cyber-attacks could come in many forms including Distributed Denial of Service (DDoS) attacks, website defacement and unauthorized access to systems etc. These unscrupulous acts are committed by a wide spectrum of individuals and organizations such as fraudsters, terrorist groups and even thrill seekers. As the single trusted source for providing guidance on the latest threats and vulnerabilities affecting computer systems and networks in the country, Sri Lanka CERT|CC understands the importance of adhering to international security standards. For organizations handling payment card related data, achieving such high standards is of paramount importance, and PCI-DSS is the highest available security standard in the payment card industry. Obtaining and getting the annual recertification for PCI-DSS is not an easy task, which requires commitment and dedication from the entire team. I would like to congratulate LankaClear for obtaining PCI-DSS recertification and would like to commend their tireless efforts to provide a secure online payment network in the country.”
LankaPay has been leading the way in driving the country towards a less-cash society by introducing many cutting-edge, technology-based payment services in Sri Lanka. The inter-bank services it provides include Cheque Image and Truncation, the inter-bank ATM network, same-day bulk payments, real-time payments, mobile payments and USD clearing. The financial sector and the entire banking population utilize these services and depend on the security and reliability of the national payment network for their daily financial transactions. Therefore, obtaining the PCI-DSS certification provides further assurance of the stability, reliability and trustworthiness of the LankaPay national payment network, which serves as the backbone infrastructure of Sri Lanka’s entire banking and financial sector.
Caption – (L-R)
Mr. Anuruddha Hewawasam, Information Security Engineer – TechSERT; Mr. Dhammika Guruge, Network Operation Manager – LankaClear; Mr. Dilantha Samarasinghe, Head of IT – LankaClear; Mr. Dinuka Perera, DGM IT and Operations – LankaClear; Mr. Abjijeet Singh, Deputy Sales Manager – SISA; Mr. Channa de Silva, GM/CEO – LankaClear; Mr. Balaji E.M, Business Development SAARC – SISA; Mr. Dileepa Lathsara, Chief Executive Officer – TechSERT; Mr. Nalinda Herath, Lead Security Engineer – TechSERT; Mr. Priyankara Bandara, Information Security Engineer – TechSERT