Fonepay Payment Service Limited, one of the reputed Payment System Operators (PSO), licensed by Nepal Rastra Bank (NRB). Fonepay network brings together 52 Banks and Financial Institutions (BFIs) and 1.4 Lakhs + merchants, which has been providing its service to more than 11 M mobile banking subscribers across Nepal. Fonepay registers over 1 Lakhs transactions every day and has attained the coveted PCI DSS v3.2.1 certification. The company announced the achievement of PCI DSS Level 1 accredited service provider status (for merchants who handle over 6 million card transactions a year) for its entire platform.
The certification implies that all operations carried out under Fonepay’s scope are secure and underline the company’s commitment to secure customer data integrity by providing secure payment options.
Payment Card Industry Data Security Standards (PCI DSS) is a set of stringent standards mandated by the Payment Card Industry Security Standards Council (PCI SSC). The standards are to be followed by entities that store, process, and (or) transmit cardholder data and prevent frauds on payment cards.
For technology vendors, attaining PCI DSS Level 1 certification involves a detailed audit to ensure documentation of technology, network, and internal processes according to the PCI standards. Fonepay completed its certification following an audit by independent QSA SISA, confirming its solutions are compliant with PCI DSS for Level 1.
Diwas Sapkota, Fonepay’s CTO, mentioned, “Fonepay is the first Non-Card based PSO in Nepal to achieve this level of certification. This enables Fonepay clients to achieve PCI DSS compliance using the Self-Assessment Questionnaire (SAQ) process without investing heavily in their infrastructure.” He added, “Using a Level 1 certified platform significantly reduces the risk of a data breaches and shifts the liability for investigating any suspected breaches from the contact center organization, removing the risk of financial and reputational damage for clients.”
SISA worldwide CEO and founder, Dharshan Shanthamurthy congratulated Fonepay’s team on achieving PCI DSS certification and standing as Nepal’s first Payment Service Operator Company to attain the milestone.
“Fonepay has now laid an excellent foundation to be vigilant and ready to face any security eventuality. When organizations invest their time and expense in attaining such coveted compliance, we understand how much they value their customer data security,” he said.
“With PCI DSS certification, the company ensured the highest security level with all the necessary technologies to keep their payment environment secure.”