Telepoint and PCI DSS v4.0: A New Benchmark for Data Security in Bulgaria


Established in 2007, Telepoint is a high-tech company that stands as a leader in colocation services, operating three state-of-the-art, neutral, and fully redundant data centers in Sofia and Montana, Bulgaria. Serving over 600 clients, Telepoint is a recognized data center operator providing a comprehensive range of services, including colocation and IT project management. Recently, the company achieved a significant milestone by becoming the first data center in Bulgaria certified under the PCI DSS v4.0 standard.

PCI DSS (Payment Card Industry Data Security Standard) is a standardized framework for securing payment card transactions, introduced in 2004 by the Payment Card Industry Security Standards Council (PCI SSC). Before its establishment, individual card brands (Visa, Mastercard, Discover, JCB, and American Express) maintained their own security programs. The primary goal of this standard is to enforce measures to protect payment card data, thereby reducing vulnerability to cyber threats and fraud. Compliance with the standard not only builds trust with customers but also acts as a safeguard against financial losses, reputational damage, sanctions, and legal liability resulting from data breaches.

To adapt to the standard's dynamically changing requirements, Telepoint established a stable partnership with the Austrian certification company 7Security GmbH in 2018. As a Level 1 Service Provider, Telepoint undergoes an annual PCI DSS audit conducted by 7Security. This comprehensive process assesses the implementation of 12 requirements and over 300 security measures. The partnership extends beyond compliance checks and includes ongoing consultancy services.

PCI DSS is one of the most comprehensive standards in the field, significantly reducing the risk of customer data misuse. Beyond compliance, it encourages an elevated level of customer trust, distinguishing Telepoint as a secure and reliable partner. Telepoint's unique approach to PCI DSS compliance goes beyond standard requirements. The company not only protects its own operations but also optimizes the certification process for its clients.

In its role as a Trusted Partner Service Provider (TPSP), Telepoint covers specific requirements, saving clients valuable time, resources, and capital. For example, one PCI DSS requirement pertains to the physical security of cardholder data. As a data center meeting these requirements, Telepoint streamlines projects for all its clients seeking certification by handling the physical security requirement on their behalf.

This not only benefits clients but also provides Telepoint with a competitive advantage over data centers that do not comply with PCI DSS requirements.

The new version of the standard, PCI DSS v4.0, introduces enhanced requirements for data encryption, access control, vulnerability management, incident response planning, and thorough validation of the PCI DSS scope.

Until March 31, 2024, companies can choose to certify under the previous version (3.2.1) or transition to the new one (4.0). While many companies may not be ready for a change and prefer to follow the old version as long as possible, Telepoint has decided to certify under the new version this year. After significant work and active engagement from the team and management, the company received the first PCI DSS v4.0 compliance certificate in Bulgaria at the end of August 2023.

The decision to adopt this version ahead of the industry norm demonstrates the company's commitment to staying abreast of evolving technologies and new security threats.

In conclusion, Telepoint's achievement in obtaining the PCI DSS v4.0 certificate marks a new stage in data security in Bulgaria. This event not only solidifies the company's leading position but also sets a benchmark for data centers aiming for such certification. Beyond regulatory compliance, Telepoint's commitment reflects its proactive cybersecurity policy, aiming to ensure a secure environment for client data.