Half of Canada’s credit card payment departments failed the PCI DSS security test

Thirty-four federal agencies in Canada accept credit cards, but half of them fail international credit card security tests.

The 17 institutions that failed the test include the Canadian tax bureau, the Royal Ranger and the Statistics Bureau. Currently, these 17 institutions accept Visa, Mastercard, American Express, Japan's JCB and China UnionPay cards for payment. Federal officials said they were not aware of any data breach.

The international test, known as the Payment Card Industry Data Security Standard (PCI DSS), was launched by five large credit card companies in 2006. Federal departments must conduct a self-assessment against it every year.

A briefing on June 7 this year showed that security breaches in departmental databases could significantly affect the government’s reputation and public trust, and thus have a long-term impact on government management functions.

Non-compliant departments can be fined for card replacement or costly judicial audits. Additionally, payment processors may suspend and revoke these departments’ authorization, or increase their credit card transaction processing fees.

The briefing, sent to the Deputy Minister of Public Service and Purchasing (PSPC) of Canada, also mentioned that 13 of the 17 non-compliant organizations are related to the Canadian Shared Services Corporation (SSC). Founded in 2011, SSC is responsible for operating and maintaining their data systems.

The 13 institutions are: Health Canada, Royal Ranger, Ministry of Industry of Canada, Canadian Ministry of Transport, National Research Council, Canada Border Service, Canadian Ministry of Natural Resources, Immigrant Refugees and Citizenship, Statistics Canada, Department of Fisheries and Oceans, Canada tax bureau, Canadian Food Inspection Agency and Canadian Library and Archives.

The SSC spokesperson placed part of the blame on the 700 small data centres that were commissioned in 2011. SSC has closed 155 of these centres and established 3 modern data centres, but is still struggling to cope with aging and inefficient traditional data-processing systems.

The Canadian Parliament Library, the Ministry of Defence, the National Film Board of Canada and the Canadian Centre for Occupational Health and Safety are also not compliant. These 4 are responsible for the security of their IT systems.

Tips: PCI DSS stands for Payment Card Industry (PCI) Data Security Standard (DSS). Its information security standard comprises 6 major categories and 12 detailed requirements, and it is currently the world’s most stringent and highest-level security certification standard for financial institutions.

PCI DSS sets out requirements covering all security aspects of organizations that handle credit card information, including security management, policies, processes, network architecture and software design, to ensure the security of transactions.