Adeptra demonstrates focus on security with recertification to key payment account standard for US and Europe

18 December 2008

Adeptra, the global market leader in auto-resolution services, has re-validated its compliance with the Payment Card Industry Data Security Standard (PCI DSS), the industry standard for the protection of payment card customer account data. Adeptra was the first company in its field to gain external certification, following an initial audit in November 2007. This latest review reconfirms the company’s position as the sole auto-resolution provider recognised as compliant by an external Qualified Security Assessor in both the US and Europe.

PCI DSS is a comprehensive set of criteria for enhancing the security of payment card customer account data. All major credit card companies stipulate compliance from any company that stores, processes or transmits such data, including card issuers and any third party they work with. Non-compliant organisations risk fines and the withdrawal of their entitlement to process credit card payments.

Lou Venezia, CEO of Adeptra, warns of the limitations of self-assessment: “Although not mandatory for companies processing less than six million payment card transactions annually, we believe the meticulousness of an external review is vital to give our clients total confidence about how we handle their customers’ data. Card issuers using other auto-resolution providers could find that activities done in their name and involving their customers’ data have not been tested to the same exacting standards as they themselves are required to achieve. Adeptra was the first auto-resolution company to achieve independently-assessed compliance with PCI DSS and, as of our last audit, we remain the only provider in our industry to have achieved this in both Europe and the US.”

Adeptra began the process to achieve PCI DSS certification in May 2006 with a programme of security reviews and enhancements in accordance with PCI DSS v1.1. Instead of self-assessment, it opted to undertake the more rigorous independent assessment to ensure it would meet or exceed the standards expected of its clients. It became the first company to pass an external review in November 2007 and, following a routine annual audit, Adeptra was re-validated as compliant as of December 2008. The company maintains vigilance through continually enforced procedures and policies, compliance management tools that support ongoing vulnerability testing, and internal audits conducted at quarterly intervals.

Adrian Prim, Quality & Compliance Manager at Adeptra, said: “Payment card users justifiably expect that their account data is protected by robust security standards. Guidelines previously issued by individual payment card brands are now united within PCI DSS and they would deem it negligent for any organisation that handles customer data not to adhere to this industry requirement. As a mode of communication between issuers and card users, auto-resolution providers are subject to this obligation. Any security breach found to have occurred within a non-compliant provider would reflect very badly on them, and has potentially even more significant implications for the card issuers or other companies using such services.”
