Published on: 13/Jun/2017
PCI DSS Recertified To Comply With Stringent Data Security Standards
We’re proud to announce that Infobip has been recertified as PCI DSS (Payment Card Industry Data Security Standard) compliant for our SSMS PIN delivery solution. Infobip was validated as a Level 1 service provider, which is the highest security category in the PCI DSS standard, a requirement for all all entities that process, store or transmit cardholder data.
As banks and financial institutions comprise a significant portion of our client list, it is essential to comply with a wide range of global security requirements. With 7+ billion transactions monthly processed through its platform, by encapsulating the traffic, offering data encryption, data masking, geo-redundancy and many other features, we’re committed to continuously meeting the highest possible levels of security and reliability.
PCI DSS Council was founded by major card brands such as Visa, Mastercard, American Express, Discover network, and JCB to ensure a secure environment for processing cardholder data. Following an extensive testing process, Infobip was found to comply with all of 12 PCI DSS requirements. This fact is crucial for Infobip because Infobip appreciate security in all aspects of its business and it is focused on improvements, thus continually upgrading solutions.
The PCI DSS certification is applied to Infobip’s SSMS (Secure Smart Messaging Service) PIN delivery service, an innovative service that harnesses SMS and gives it an additional security component to reduce the complexities of delivering banking card PINs to customers. As such, SSMS is one of a range of modern mobile solutions which can upgrade standard banking services.
For example, card PIN delivery can be improved to be faster, more secure, cheaper and provide more revenue for the bank. The Secure Smart Messaging Service is a PIN delivery solution based on a secure flow, utilizing Infobip PCI DSS certified platform, in which the PIN numbers cannot be read or intercepted by the bank, Infobip or third parties. This solution is faster than the standard, letter-based process, it bypasses many touchpoints, lowers cost of PIN distribution, and gets the end user using their card much faster than if the PIN is delivered using secure envelopes, thus increasing the collection of intercharge fees.
One of our clients, Hong Leong Bank (HLB), one of the largest banks in Malaysia, witnessed several improvements after deploying SMS instead of standard PIN delivery - the use of both resources and number of steps involved in the PIN generation and delivery process was reduced. Instead of managing a complex process of PIN delivery over postal services, SMS is used. During the standard process of issuing the PIN number, it is delivered to clients in a securely printed envelope sent through regular postal services. Typically, it takes anywhere from 2 to 7 days for the letter with the PIN to reach the client, who has already been given the new payment card. While waiting for the PIN envelope to arrive, the card is in a deactivated mode, which could have a negative impact on both customer card usage and the bank's card activation quota. There are also security concerns that are sometimes overlooked. Once the envelope with the PIN is sent out, the bank may not be able to track its status or whether or not it was delivered to the cardholder effectively. In case the PIN mailer was not delivered, the bank would reach the customers to suggest an alternative PIN delivery option with a significant delay.
If the PIN is delivered through SMS, customers are able to activate and start using their cards right away. The SMS solution proved to be much more cost-effective than the previous solution Hong Leong bank had. As a result of SMS implementation, HLB experienced around a 30% increase in internal process efficiency, having reduced the use of the printing and letter sending process. They also recognized that the cost of delivering PINs via SMS is around 50% lower than with the traditional letter approach.