The award makes the company the only Australian managed security services provider with the accreditation.
The PCI DSS secures cardholder payment data that is stored, processed or transmitted by merchants and processors.
The earthwave Managed Security Services, Clean Pipes, Secure Hosting and Secure Internet Gateway with PCI DSS certification are available immediately through the earthwave Certified Security Provider channel partner network.
Since 2007, all Australian businesses handling cardholder data, irrespective of size, have been mandated to comply with strict security standards drawn up by the world's major credit card companies. However, many businesses ignored the directive until recently, when the payment card brands started to enforce hefty fines for non-compliance.
Furthermore, recent changes to the standard insist that any merchant outsourcing the management of their security infrastructure, such as firewall and IPS systems, to a managed security service provider must also ensure their preferred MSSP is certified.
Ayden Nash, compliance manager at earthwave, said the company had a surge in the number of existing and new clients requesting that it become certified as they were being penalised as a result of the new standards.
"There are many requirements around firewall management, IDS, logging, file integrity monitoring, alerting, etc," he said.
"If we manage the firewalls for a PCI merchant they will note that the firewalls are managed by a PCI compliant service provider to take into account the requirements around policies and procedures, etc.
"Anyone in our position can very easily turn an IDS/IPS into a sniffer and obtain sensitive card information."
Compliance is driven by the payment card brands and not by the PCI Security Standards Council.
However, for most merchants, the deadlines for validating compliance with the PCI DSS have already passed.
The compliance assessment for earthwave was carried out by Bridge Point Communications and took two months to complete.
"The PCI DSS is a multifaceted security standard that includes necessities for security management, policies, procedures, network architecture, software design and other critical protective measures," said Daryl Haines, qualified security assessor at Bridge Point.
"PCI DSS specifies 12 requirements entailing many security technologies and business processes, and reflects most of the usual best practices for securing sensitive information.
"During the assessment process, earthwave achieved all these requirements and was awarded the certificate," he added.
With this level of compliance, earthwave can provide managed security services for any clients requiring the PCI DSS certification, as well as carrier-neutral Clean Pipes, Secure Hosting and Secure Internet Gateway services.
The earthwave Secure Internet Gateway has also achieved certification to the Highly Protected classification level by the Defence Signals Directorate (DSD), Australia's national authority for information security.
The company's Managed Security Services and Secure Internet Gateway services include Firewall, Intrusion Prevention, IPSec and SSL VPN, Mail and Web Protection, Two-factor Authentication, Vulnerability Management, Vulnerability Remediation, Threat Intelligence, Encrypted Attack and DDoS Prevention, supported by robust and proven processes.
Picture: Carlo Minassian, CEO, Earthwave