Nov. 17, 2006 – TechnoPark Corp. is the first Ukrainian IT company to get the certificate of compliance against PCI DSS. The certified software is mobile payment system MPPS. It was developed by TechnoPark for the Maltese MPPS Solutions Ltd.
PCI Data Security Standards were produced in late 90s by VISA, MasterCard and all other leading credit card companies. Payment Card Industry Data Security Standard is the unified world standard for handling and keeping cardholder data aiming to stamp out debit and credit card fraud, by introducing strict security standards.
The importance of introduction of this list of requirements is obvious because of the ever-growing number of thefts and illegal accesses to confidential data of cardholders. In fact, PCI DSS is a list of requirements for handling and keeping personal information of payment system’s clients. Without a doubt, the standard can never fight off the problem back and edge, but the results prove that it really works: according to statistics, no PCI DSS compliant system has been compromised yet.
Unfortunately, only 20% of all payment systems in the world have been certified by now. Among them, there is only one mobile payment processor; with its certification, MPPS has become the second PCI DSS compliant mobile payment system in the world.
MPPS is mobile payment processing system enabling its users to pay for goods and services using only their mobile phones. Like other mobile payment systems, MPPS needs to gather and store its customers’ information which includes personal and confidential data. It makes such systems to focus on protection and security of the gathered information. Data security is even more important task in the light of vigorous growth of this young but very prospective industry. High profits make mobile payment industry an attractive target for fraudsters’ attacks.
The PCI Data Security Standards are not an obligatory condition of payment systems operation. Nevertheless, VISA strongly encourages all online payment service providers to go through the certification. PCI DSS requirements cover mostly the piece of software, which operates the system, as this is the crucial factor providing the service’s reliability. Thus, software developer is responsible for PCI DSS compliance.
Software for MPPS was developed by the Ukrainian TechnoPark Corp. The company, together with MPPS Solutions Ltd.’s Management, passed through the certification procedures.
MPPS applied for the certification in August 2006. In September, the first stage of the certification was held – so called Onsite Audit. Onsite Audit is the audit held in the company’s office. MPPS software as well as documentation were checked and examined by representatives of the British One Sec Ltd. which is the official VISA’s auditor. The process took several days. The first-stage examination provided a list of comments and needed improvements which had to be implemented during a month.
The second stage – Last Clean Scan – was the final examination resulting in overall decision. It was held in October, and the certificate for MPPS was issued on October, 31. Now the company can guarantee high reliability and security of its services to both clients and partners.
PCI Data Security Standards have been used for more than 5 years, however there are very few PCI DSS compliant Eastern European software companies focused on online payments. Despite many of them are able to offer high-quality products, most IT companies are frustrated by the great efforts, both intellectual and financial, needed to complete the certification. Good news is that some outsourcing software development companies have already realized that the game was worth the candle. With the availability of reliable developers, risk of outsourcing online-payment projects to Ukraine decreases.
The Ukrainian software product’s PCI DSS compliance is an important achievement for the whole Ukrainian IT outsourcing industry. TechnoPark Corp. has made the first step towards changing the image of Ukrainian IT products from “cheap staff” to “high-quality and reliable software products”.
TechnoPark Corp. is outsourcing software development company with headquarters in the USA, Naples, Florida, and software development center in Ukraine, Dnepropetrovsk. Development of software for online payment systems (including mobile payments) is one of the company’s core focuses.
The Certificate of Compliance is available on TechnoPark Corp.’s web site at http://www.technoparkcorp.com/content/view/71/40/lang,en/.
— End —