PCI Regulation

Horizon Tax Free is committed to maintaining the highest level of professional and ethical standards in the conduct of its business. The directors and employees of Horizon Tax Free strictly observe all laws and regulations applicable to its business activities. Senior Management play a crucial role in ensuring that a compliance culture is maintained in Horizon Tax Free, and are committed to leading by example and to managing employees so that they too strive to maintain such standards and follow policies and procedures in line with internal and regulatory requirements.

PCI Data Security Standards

Horizon Tax Free operates in full compliance with the Payment Card Industry Data Security Standard (PCI DSS) endorsed by Visa, MasterCard and other leading schemes. Horizon Tax Free first achieved PCI DSS certification in February 2009, and has continued to strengthen its policies and practices to maintain absolute compliance with these critical standards.

According to Mr Martin O’Neill, Head of Risk & Compliance, Fexco Merchant Services, “The PCI DSS Certification validates our commitment to the protection of our customers’ ‘sensitive data’, and gives our clients the necessary assurance that payment card information processed and held by Horizon Tax Free is protected and managed, in line with the highest data security controls and with the PCI DSS 12-point framework.”

About PCI DSS

PCI DSS was created by the founding payment brands of the PCI Security Standards Council (Visa, MasterCard and other leading schemes) to develop a set of comprehensive requirements for enhancing payment account data security and to facilitate the broad adoption of consistent data security measures on a global basis. PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. The core of PCI DSS is a group of principles and accompanying requirements, around which specific elements of the DSS are organised. These are:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Payment Card Industry Data Security Standards (PCI DSS)

The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

PCI DSS is a multifaceted security standard that includes rigorous requirements for security management, security policies and procedures, network architecture, software design and other critical protective measures. PCI, through Qualified Security Assessors (QSAs), conducts annual audits of Horizon Tax Free to assess our level of compliance with the standards.

The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organised:

1 – Build and maintain a secure network

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

2 – Protect cardholder data

  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks

3 – Maintain a vulnerability management program

  • Requirement 5: Use and regularly update anti-virus software
  • Requirement 6: Develop and maintain secure systems and applications

4 – Implement strong access control measures

  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Assign a unique ID to each person with computer access
  • Requirement 9: Restrict physical access to cardholder data

5 – Monitor and test networks

  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and processes

6 – Maintain an information security policy

  • Requirement 12: Maintain a policy that addresses information security

The PCI DSS audit was undertaken by O-C Group in February 2009, and Horizon Tax Free achieved renewal of PCI DSS certification in February 2010.