Intabill gets PCI security accreditation for online card transactions
Brisbane headquartered online payments processor, Intabill, has been certified compliant with the Payment Card Industry (PCI) security standard.
In a statement issued late last month Intabill claimed it is one of the first companies in Australia to achieve compliance.
It said that Intabill’s data security infrastructure and procedures had been audited over a five month period by an independent consultant to ensure they meet 12 stringent requirements set down by the PCI Security Standards Council.
Daniel Tzvetkoff, the multi-millionaire founder and director of Intabill, said that gaining PCI compliance showed the company’s commitment to providing the best possible data security for clients.
“Gaining PCI Compliance generates a range of legal, financial and corporate benefits – but most importantly it re-inforces to our clients that credit card data stored by Intabill is protected by some of the world’s leading security technology.”
He said that Intabill is a leading global ecommerce company and processes more than one million transactions every month.
However eCommerce Report is uncertain whether Intabill’s PCI accreditation will do anything to reduce the apparently growing overall level of online card fraud.
And arguably, Intabill’s PCI accreditation shows that the standard has some significant weaknesses as a measure to fight online card fraud.
Last month, Reserve Bank of Australia Assistant Governor for financial systems, Phillip Lowe, told an industry conference in Sydney, that online and telephone card fraud has grown by 50% last year
“ Another consideration is that fraud rates on online transactions appear to be steadily increasing” he said.
“Almost half the fraud on credit cards occurs in situations where the merchant does not physically see the card, with the fraud rate increasing by around 50 per cent over the past year.”
He added that “If this trend were to continue, it could undermine consumer confidence in transacting online which would have obvious costs.”
Certainly PCI compliance is one of the credit-card industry’s most important contributions yet to ensuring online merchants store card information securely, and minimize any scope for theft of card account information.
The PCI-DSS (Payment Card Industry Data Security Standard) is extremely detailed and has attracted widespread support from both online merchants and financial institutions.
One recent local example of the level of importance online merchants place on getting PCI accreditation was the loss of card data from Melbourne based domain name registrar – Bottle Domains.
In the wake of the loss, one of the first actions Bottle took to restore damaged confidence in its business was to get PCI accreditation.
Just like Intabill, Bottle Domains contracted a South Australian based security company to conduct its PCI audit.
eCommerce Report has confirmed that Intabill’s PCI audit was carried out by CQR Consulting. (Bottle commissioned the Vectra Corporation for its audit)
CQR executives told eCommerce Report that the accreditation may be cited globally, but actually only covers Australia and New Zealand.
This is clearly significant in the case of Intabill because its payment processing services are mainly provided to online merchants in Europe and North America, and mainly to so-called high-risk online merchants.
These are online porn, gambling, and pharmacy merchants who normally have difficulty in establishing a merchant account to accept online payments at mainstream banks. And certainly not at an Australian bank.
eCommerce Report confirmed last year that none of Intabill’s payment processing is carried out through an Australian bank or financial institution.
As we reported, Intabill said that it was planning to start operating locally this year.
That being said, the nature of Intabill’s business is hardly disguised at its web-site.
Indeed Intabill specifically promotes the virtues of off-shore payment processing and merchant accounts.
And it offers services clearly designed to enable online merchants to get around normal bank protections against authorization of card transactions of questionable provenance.
Its Cascade (www.intabill.com/cascade.php) service, for example, gives online merchants the ability to try up to 20 different payment processors until one can be found that will give payment authorisation to a card transaction.
“If for example the first (primary processor) denies the transaction; customers are automatically redirected to your secondary processor, with the information from the initial transaction again pre-completed for them.”
For more information go to
www.intabill.com
www.cqrconsulting.com.au
www.rba.gov.au
www.pcisecuritystandards.org
www.bottledomains.com.au
www.vectra-corp.com.au
www.intarev.com
www.ecommercereport.com.au/story43.php
| 
