Business / Technology
Tuesday, 24 May 2016 15:16 EATnewsdesk@kenyafreepress.com
The Central Bank of Kenya (CBK) has lauded Interswitch team for adopting fraud management tools that are of the highest standards for the payment cards industry.
The Bank’s Head of National Payments, Mr Stephen Mwaura, said it was such moves that contributed to Kenya being ranked third country in Africa to undertake a migration to chip and pin cards.
Mr Mewaura said as a regulator CBK will continue to work with key stakeholders to support cutting edge approaches in enhancing safety and efficiency in payments.
“This has seen skimming fraud reduce substantially, although new fraud patterns are emerging,” Mwaura said.
Mwaura said this at a ceremony where Interswitch scooped certificate for becoming the first non-banking institution in Kenya and east Africa to receive the high level Payment Cards Industry Data Security Standards (PCI-DSS).
The firm received a certificate indicating that it has acquired the industry technology to deal with fraud cases. A PCI handles large volumes of branded card transactions for credit, debit and prepaid including MasterCard, American Express, VISA, JCB and Discover.
Interswitch East Africa CEO, Bernard Matthewman said PCI-DSS provides a comprehensive framework for securing cardholder and transaction data. Interswitch is the only data centre in Kenya to have passed this level of assessment on two occasions.
He said as a specialised payments and Commerce Company, the industry rightly looks to the firm to lead on data security. “The PCI Standards help protect the safety of card data at multiple locations – from the point of sale (POS) to the processing centre,” he said.
They mandate measures to protect data from both internal and external threats. Victor Ndlovu, Kenya Country Manager at VISA says, “Unfortunately, the majority of data fraud still originates from internal staff at a merchant, issuer or payment processor.
PCI-DSS requires compliant institutions to implement sophisticated encryption, software and physical security to mitigate against this. PCI-DSS mandates that unmasked card data is only handled inside a Card Data Area, which has additional technological and physical security measures.
Matthewman said the company uses physical security and software to monitor if complete credit card details can be detected outside our Card Data Area. And we hire ethical hackers to regularly stimulate attacks on our card centre.
“It is a constant battle to stay ahead of fraudsters. Interswitch initiated the Great Migration to EMV in 2013 to help push Kenya to EMV, we were clear at the time that securing the card was the first step but the channels and data centre would become the new focus. PCI-DSS has been part of our program to ensure that these are secured to the highest global standards,” he said.
Interswitch is a certified member of the PCI Security Standards Council, which prepares the standards. The five major card companies MasterCard, American Express, VISA, JCB and Discover, formed the Council in 2006.
Jack is a business and society writer at the Kenya Free Press