Case studies

The Fred Hollows Foundation Eye Exam

The Fred Hollows Foundation NZ

Maintaining trust in the not-for-profit sector

Maintaining the trust of our donors is absolutely critical. Using Quasar ensures we are employing best practices to safeguard confidential cardholder data and maintain a highly secure cyber environment.

Sharon Orr, Finance and Operations Director

Background

The Fred Hollows Foundation NZ (The Foundation) is a leading charitable organisation whose purpose is to end avoidable blindness and vision impairment in the Pacific. The Foundation carries on the work of legendary Kiwi, the late Professor Fred Hollows, an internationally renowned eye doctor. The Foundation’s work in the Pacific is guided by four pillars, which include restoring and preserving sight, training and supporting the regional eye care workforce, strengthening local health systems, and driving innovation and research.

Being a charity, The Foundation relies on donations from a variety of individuals, groups, and organisations in order to conduct their incredibly important work. As part of this, they accept and process card payments from multiple payment channels, and as such have an obligation to be compliant with the Payment Card Industry Data Security Standard (PCI DSS) for each of these channels. They must keep donors’ cardholder data in a safe and secure environment and be able to provide evidence that their systems and procedures meet the extremely high requirements of PCI DSS.

The Journey

In 2018, The Foundation reached a credit card transaction threshold which required them to formally evidence compliance with PCI DSS to their merchant bank. Following a thorough consultation process, The Foundation engaged Confide and the Quasar team to support their wider security, risk and compliance programme. 

Initially, Quasar was tasked with conducting a targeted scan across The Foundation’s network servers, databases and digital devices to identify key areas of cardholder data risk that could potentially increase their PCI DSS scope. With this information, the Quasar team were able to identify the extent of cardholder data being stored and what systems and processes required modification and strengthening to enable compliance with the standards. 

Through continual scanning and analysis, Quasar was able to identify any issues, limit risk and ultimately support The Foundation to achieve their required 100% PCI compliance. All of this work was supported by Quasar’s QSA partner in New Zealand, Confide, who worked directly with the Quasar team to design and implement a sustainable PCI compliance programme that specifically aligned to The Foundation’s strategic objectives and organisational requirements, as well as those of PCI DSS.

The Outcome

Over the past few years, The Foundation has continually strengthened their cyber environment and cardholder processing procedures and has reached a point where Quasar scanning has become an integral component of operational BAU activity. Quarterly scans are run and reported to management, which enables risks to be identified and remediated early. Quasar is used to support an efficient PCI assessment at the end of the compliance year. As a result, The Foundation has developed an organisational culture which regards security and protection of confidential donor information and cardholder data as paramount.

The Foundation has achieved an arguably ‘best in class’ secure and compliant cyber environment which enables them to provide assurances to their donors, banking partners, and wider stakeholders that they are taking security seriously, while managing their data in an effective way. Sharon Orr, Finance and Operations Director at The Foundation, recently commented, ‘Maintaining the trust of our donors is absolutely critical. Using Quasar ensures we are employing best practices to safeguard confidential cardholder data and maintain a highly secure cyber environment.’

In a world that is experiencing exponential growth in cyber-attacks, which could dramatically risk the trust placed in The Foundation and their ability to continue their work, their unique commitment to cyber security makes them a role model in the charitable sector. Quasar is proud to have supported them along the way!
