Recently, VNPAY has received certification for PCI-DSS version 3.2.1 Level 1 for its VNPAY Payment Gateway from ControlCase, an international company specialised in PCI–DSS compliance.
Le Tanh, general director of VNPAY received the PCI-DSS version 3.2.1 Level 1 certification
The certificate is the highest level of Service Provider, ensuring the security of card data at businesses through a set of requirements established by the PCI Security Standards Council (PCI SSC).
Realising the importance of payment security, as well as understanding customers' concerns about security issues, VNPAY has made efforts to improve the security standards for its payment gateway to achieve the PCI-DSS version 3.2.1 Level 1 certification.
The PCI-DSS 3.2.1 Level 1 certification is the latest version with even more stringent requirements than the previous one. The new version requires multi-factor authentication, data encryption in line with security standards, as well as regular compliance and periodic reviews across the whole organisation.
Speaking at the certification ceremony, Le Tanh, VNPAY's general director, said that the firm placed top priority on security and information security. Thus, the company has always made efforts to carry out all customer transactions with the highest level of security and safety.
"VNPAY has spent a lot of resources and time on this special project. The certification has become a driving force for us to deliver the best quality services to our customers, ensuring the highest level of safety and security in line with international criteria," he said.
VNPAY has made preparations since 2019 to get this certification by setting up a state-of-the-art tech site based on the Cisco ACI platform. The site meets 12 major and over 100 minor requirements for a payment system such as information security, data processing procedure, computer network structure to ensure thorough data transmitting, and minimise the risk of information theft.
As of present, the new conversion process has been implemented at over 30 major banks, as well as 70,000 VNPAY-QR code accepted payment points with Transport Layer Security (TLS) 1.2 specification which has strong encryption algorithms.
The PCI-DSS version 3.2.1 Level 1 certification not only demonstrates VNPAY's capacity via strict requirements of data security in the process of storing, processing, and transmitting cardholder data in line with international standards, but also broadens the firm's cooperation opportunities with international organisations.
The PCI DSS certification is obligatory for all entities that store, process, and transmit cardholder data. It is evaluated yearly based on a set of strict requirements established by the PCI Security Standards Council (PCI SSC)