Irembo, an e-government platform that enables the access and provision of government services in Rwanda, achieved a milestone in digital security with its attainment of compliance with the Payment Card Industry Data Security Standards (PCI DSS) in December 2023.
This achievement signals "a leap forward for Irembo and promises more secure access to and payment for government services through the Irembo Payment Gateway.”
ALSO READ: Inside Irembo’s plan to make govt services more accessible to citizens
The Payment Card Industry Data Security Standard (PCI DSS) is an information security benchmark designed to manage credit card transactions from major card brands. Administered by the Payment Card Industry Security Standards Council, it is mandatory for card brands. Established to enhance control over cardholder data and mitigate credit card fraud, compliance validation occurs annually or quarterly, tailored to transaction volume.
According to a press release, "Irembo’s adherence to these standards signifies a commitment to safeguarding financial transactions and sensitive information, reducing the risk of credit card fraud, data breaches, and unauthorised access to cardholder information.”
ALSO READ: Expansion of Irembo services must go hand in hand with digital literacy
Israel Bimpe, CEO of Irembo, emphasised the significance of PCI DSS compliance, "PCI DSS compliance enhances IremboGov's security, reassuring users about transaction safety and bolstering its reputation as a dependable payment platform. It enables wider payment options, including credit and debit cards, thereby increasing user convenience and accessibility to government services.”
"This accreditation is a milestone towards ongoing improvement, with Irembo continuously refining security and adapting to evolving threats and regulations to ensure sustained payment data protection,” Bimpe said.
The journey to compliance likely involved process optimisation and technology upgrades, facilitated by collaboration with industry experts like Digital Jewels, an IT Governance, Risk, and Compliance (IT GRC) firm specialising in cyber excellence. This strategic partnership ensured efficient implementation of PCI DSS standards, deploying technologies and processes to safeguard payment card data effectively.
This milestone follows Irembo's recognition as a Data Controller and Data Processor by Rwanda's National Cyber Security Authority, affirming its commitment to data protection and privacy laws.
Adedoyin-Odunfa, CEO of Digital Jewels, emphasised the importance of global best practice standards like PCI DSS in managing risks effectively in today's digital landscape.
"The rapid evolution of IT capabilities, particularly accelerated by the onset of the pandemic, presents both opportunities and risks. As technology adoption proliferates, so too do the risks. Responsible companies are turning to globally recognised standards as a means to manage these risks effectively. IREMBO is one such company that has taken proactive steps to implement and certify to one global best practice standard – the PCI DSS,” Odunfa said.
"Achieving strategic and secure performance in the digital space demands harnessing the power of IT through judicious approaches and effective governance. Conversely, careless deployment may result in escalated costs, reduced value, and heightened exposure to risks, leaving organisations at a competitive disadvantage."
IremboGov’s payment gateway, integrated into the IremboGov platform, offers users secure and efficient means to conduct government service transactions. With over 8.7 million transactions processed in 2023, totaling over Rwf 130 billion, IremboGov continues to drive digital transformation, promote inclusivity, and enhance access to essential services.
IremboGov is committed to achieving its Zero Trip - Zero Paper initiative, aiming to drive digital transformation, foster connectivity across the continent, bridge the digital divide, enhance access to essential services, and foster inclusive economic growth.