Posted on January 19, 2011

Commercialbank, one of the largest issuers of payment cards and a leading provider of acquiring services, announced that it has been awarded the PCI Security Certificate – making Commercialbank Card Services the first and only payment platform in Qatar to have received the coveted security certificate. In particular, the certification recognizes theworld class data security standards Commecialbank applies in protecting customer information and preventing payment card fraud. The security standard developed by the Payment Card Industry Security Standards Council (PCI SSC) confirms that the customers of the Bank enjoy the best possible protection against any misuse of sensitive data. This successful certification proves that the Bank’s security is in line with the strict requirements of the Payment Card Industry Data Security Standard (PCI DSS), based on global international standards.

The certification was achieved after an extensive independent audit by certified Auditors, to meet the payment industry data security standards and compliance requirements by Visa and Mastercard. The PCI DSS standard represents the best practices defined by  industry-wide requirements for security management, policies, procedures, network architecture, software design and other critical protective measures that service providers must adhere to, in order to safeguard sensitive data. Providers must undergo an annual on-site PCI Data Security Assessment by an independent Qualified Security Assessor (QSA) to attain compliance. During the thorough examination of compliance, Commercialbank Card Services thoroughly fulfilled all the security requirements. The QSA then granted the certification to Commercialbank further enhancing and strengthening the Bank’s position as a visible leader in the card processing industry and marking a significant milestone in the Bank’s commendable history.

Kamran Siddqi, General Manager ME from Visa, , one of the leaders in the area of protection of sensitive payment card and transaction data was quoted saying   "The PCI DSS provide an industry standard to protect sensitive payment card data from attack and unauthorized use by criminals and creates customer trust in the payment card system.  By getting their systems certified, Commercialbank has proved its strong  commitment to high data security standards and protection of cardholder data they access and process. We would like to thank the Bank’s management and staff for their cooperation, professionalism and assistance throughout the certification process.”

Andy Stevens, GCEO Commercialbank says that, "For Commercialbank, as a provider of international full-service solutions for non-cash, card-based payments it was a matter of course to implement the highest security standards.  Being the first Bank in Qatar to achieve the PCI DSS is a continued measure of our commitment to protect the security of our customers and will raise our card business to a new level of quality. This forward thinking approach aligns perfectly with our mission and goal of enhancing cardholder data security, by fostering the broad adoption of payment card industry standards and keeping customers’ data safe. We at Commercialbank are extremely pleased to bring this unique offering in the Qatari market today. It is indeed a milestone in the evolution of fraud-screening solutions”

John Dolton, Acting CEO, Orient, Principal Technology Officer, Commercialbank said “The certification recognises that Commercialbank has used the best practices and guidelines to protect sensitive cardholder data and minimise risk of financial losses. As the card payment landscape continues to evolve, information protection, risk mitigation, security and controls remain the ultimate concern. The Bank’s principal focus is on security and privacy issues. We look forward to leveraging our deep experience in information security and payment processing technologies that will make it easier to define standards that help protect the safety of cardholder data.”

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.

PCI DSS has been endorsed by all of the major card brands: Visa Inc., MasterCard Worldwide, Discover Network, American Express, and JCB. Through its Level One PCI DSS compliance validation, Commercialbank can support any on-line application, regardless of the volume of credit card information stored, processed, or transmitted. This level of compliance validation is required of any service provider supporting more than one million transactions or accounts per year.