The Payments and Compliance Cloud™
SecureCo™ is Australia’s leading specialist in Payments, Security and Compliance Cloud solutions.
Our mission is to protect brand reputation, while simplifying complexity and reducing the costs of delivering security, compliance and payments solutions.
As a leading payments company, SecureCo’s cloud solutions move credit card and personal information from on-premise environments into our highly secure and versatile platforms. Built with a security-first approach, our best-of-breed PCI DSS solutions cover web, storage, call centre and payment environments to deliver 24/7 monitoring.
While increased connectivity and the rise of mobile payments have brought many opportunities, they have also delivered a number of new challenges and threats around managing online security, protecting customer information, and meeting evolving compliance standards.
In this new age, no single organisation is safe. Victims of data breaches include some of the biggest companies and government organisations in the world, and the negative business impact is far-reaching.
In a data breach, everyone is a target – especially your customers, intellectual property, brand and business partners.
Are you and your organisation doing whatever it takes to protect your data?
SecureCo™ provides a suite of best-practice, PCI DSS-compliant, future-proofed solutions for your business.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle branded credit cards from the major card schemes.
The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) or by a firm-specific Internal Security Assessor (ISA) that creates a Report on Compliance for organisations handling large volumes of transactions, or by a Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.
Australia's Privacy Principles
Below is a summary of the National Privacy Principles (NPPs). Additional information and guidance on the interpretation of the NPPs can be found in the Guidelines to the National Privacy Principles on the Office of the Australian Information Commissioner's website.
NPP 1: collection
Describes what an organisation should do when collecting personal information, including what they can collect, collecting from third parties and, generally, what they should tell individuals about the collection.
NPP 2: use and disclosure
Outlines how organisations may use and disclose individuals’ personal information. If certain conditions are met, an organisation does not always need an individual’s consent to use and disclose personal information. There are also rules about direct marketing.
NPPs 3–4: information quality and security
An organisation must take steps to ensure the personal information it holds is accurate and up-to-date, and is kept secure from unauthorised use or access.
NPP 5: openness
An organisation must have a policy on how it manages personal information, and make it available to anyone who asks for it.
NPP 6: access and correction
Gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.
NPP 7: identifiers
Generally prevents an organisation from adopting an Australian Government identifier for an individual (e.g. Medicare numbers) as its own.
NPP 8: anonymity
Where possible, organisations must give individuals the opportunity to do business with them without the individual having to identify themselves.
NPP 9: transborder data flows
Outlines how organisations should protect personal information that they transfer outside of Australia.
NPP 10: sensitive information
Sensitive information includes information relating to health, racial or ethnic background, or criminal records. Higher standards apply to the handling of sensitive information.