
Safe Cardholder Data Assured with Latest Security Compliance


We recently hosted a breakfast event at the campus with one of our on-site partners, ServerChoice. Kao Data would like to take this opportunity to convey a huge thank you to everyone who took time out of their busy schedules to support the event and helped create a thoroughly enjoyable and well attended morning. Lord Sebastian Coe shared his insights and experiences from developing the team and technologies that delivered the 2012 London Olympic Games. Oli Pinson-Roxburgh, MD of Bulletproof Cyber, demonstrated how easy it is, with a few over-the-counter items and a Raspberry Pi, to break into and take control of someone's device. This was fascinating and alarming in equal measure.

According to UK Finance's 'Fraud the Facts 2019' report, £1.2 billion was stolen through fraud and scams in 2018, while the finance industry prevented a further £1.6 billion of attempted fraud through increased diligence across the sector.

The rise in card-not-present (CNP) fraud shows no sign of slowing. Increasingly sophisticated tactics are being used to harvest personal financial information illegally, and once misappropriated it can cause severe damage to individuals and organisations alike.

At any point in the transaction process your data can be, and probably is, under attack wherever hackers and fraudsters see an opportunity to harvest personal financial information. The continued increase in this activity makes it essential that every organisation that stores, processes or transmits cardholder data, or that provides services which could affect its security, meets the PCI DSS (Payment Card Industry Data Security Standard) and has its compliance assessed by a PCI QSA (Qualified Security Assessor). Strictly speaking, PCI DSS compliance is validated through a QSA's Report on Compliance and Attestation of Compliance rather than a certificate issued by the PCI Security Standards Council, although it is commonly referred to as certification. At Kao Data, we recently made this investment in our people and practices to ensure our customers, and their customers, are secure when data is resident at the Kao Data London One (KDL1) facility. To deliver the best service, we brought in One Compliance, a leading global PCI QSA consultancy, to evaluate the extensive work we had already undertaken. Earlier in the year we achieved ISO 27001 (Information Security Management) certification, working with Keysource, Teamwork IMS and the UKAS-accredited certification body Alcumus ISOQAR.

Implementing and maintaining cardholder data security is essential for everyone who stores, processes or transmits that data. The requirements are set out in the PCI security standards developed by the PCI Security Standards Council, which provide the technical and operational requirements for organisations that accept or process payment transactions, or that maintain data integral to that process. Data centres have become a fundamental component of most financial transactions, cementing the need for them to comply with both the relevant ISO standards and PCI DSS.

For a data centre provider, the PCI DSS controls in scope fall across three layers: physical security, environmental security and network security. Meeting them in practice depends on people, policy and technology: trained staff, documented and enforced procedures, and the technical controls that implement them.

During the rigorous on-site visit, One Compliance interviewed all Kao Data staff, reviewed all of our policies relevant to the assessment and inspected the site and technology suites to assess whether our physical security procedures met the required standard. The thorough examination of our processes and physical spaces confirmed to us that the best way to keep data secure is to continuously monitor and enforce the controls and processes we have in place, which are now validated by our PCI DSS assessment.

As online fraud continues to grow in frequency and complexity, achieving PCI DSS compliance is another important stage in Kao Data's journey. Not only does this add another layer to the accreditations and certifications we have already received, it also continues to demonstrate our commitment to delivering the service levels expected of a world-class provider and our ability to keep our customers' data secure and available.



ISOQAR

Cert No. 16950 EMS-001, ISO 14001:2015
Cert No. 16950 OHS-001, ISO 45001:2018
Cert No. 16950 QMS-001, ISO 9001:2015
Cert No. 16950 ISN-001, ISO 27001:2013

BREEAM
Open Compute Project
tech UK
European Datacentre Association