The Capita Group Plc Obtains PCI DSS Compliance Validation for its Software Services Division

London - 6 March 2008

The Capita Group Plc, the UK’s leading business process outsourcer and provider of integrated professional support services, has announced compliance with the Payment Card Industry Data Security Standard (PCI DSS) for its Capita Software Services division. Trustwave, a leading provider of information security and compliance management solutions for businesses and organizations throughout the world, performed the PCI DSS compliance validation.

PCI DSS is the payment card industry security requirement for entities that process, transmit and/or store cardholder data, and has been endorsed by all the major card brands – Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB. The PCI DSS is a framework for the secure handling of cardholder data. Under the PCI DSS, payment service provider compliance requirements are segmented into three levels based on the number of transactions processed and/or transmitted annually.

To obtain PCI DSS compliance validation, Capita Software Services had to meet the stringent security requirements of the credit card brands, submitting to a rigorous review of its information security policies, procedures and IT environment. Trustwave performed the following:
· Gap Analysis: Determines the effectiveness of current security controls.
· Compliance Validation: Remote and on-site data security and compliance management solutions to complete the PCI validation process, address any discovered vulnerabilities and achieve and maintain PCI compliance.
· Remediation Recommendations: A Compliance Report that includes data gathered from the Self-Assessment Questionnaire and vulnerability scan, and outlines actions required to address any vulnerability.
· On-Site Audit: Required by PCI DSS regulations, a yearly on-site assessment of the IT environment.
· Report on Compliance: To benchmark Capita with the PCI DSS.

Over 150 organizations (primarily public sector) take payments using Capita’s AXIS managed services products (which include Internet Payments, Touch Tone and Payment Portal). With the heightened focus on card security and security of citizen data in general, these organizations and the 400,000 citizens who regularly use these products to make payments around the clock will be assured that their payments are being processed in line with the stringent controls around security that the standard dictates. Capita’s compliance achieves yet another first in card security among the major suppliers to the Local Authority marketplace.

“We are delighted to have attained PCI DSS compliance. We have continued to invest heavily in infrastructure, processes and our dedicated in-house Managed Services team, who have put in a great deal of effort in order to reach this stage,” says David Lockie, associate director of Capita Public Sector Software. “Our customers and their customers in turn can be assured that we remain committed to ensuring that the AXIS products and services lead the way in card security measures and data security in general.”

“With PCI DSS compliance validation Capita Software Services has satisfied the industry’s most rigorous criteria to protect credit card information, putting their AXIS portfolio at the forefront of card security,” says Robert J. McCullen, chairman and CEO of Trustwave.
