Overview 

PCI DSS (Payment Card Industry Data Security Standard) is the baseline standard mandated by the government to achieve cardholder data security. It is critical for every payment card industry to adhere with the PCI DSS compliance to safeguard them from data theft and security breaches. Being a PCI QSA (Payment Card Industry Qualified Security Assessor) company, ValueMentor is qualified by the PCI Security Standards Council to validate the adherence of a service provider or merchant, who has a contractual obligation to comply with PCI DSS requirements. 

The Client 

The client is a payment gateway that comes under the regional scheme introduced by the Government for facilitating the collection of revenues and service fees safely and securely. Through the effective payment schemes and use of the latest technologies, the client has become an integral electronic payment system in the country. 

Requirements 

Being a payment service provider, the client needed the highest levels of security in all areas where cardholder data is transmitted and stored. The client was upgrading the system to the latest technology infrastructure and needed a trusted security partner to help them ensure PCI DSS Compliance. 

Challenge 

The key challenge faced during the project was coordinating with more than 15 vendors who were involved in the deployment of the scheme technology. It was imperative to ensure that all the PCI controls were applied during the implementation phase of the engagement. The customer team faced the challenge of coordinating with these teams and clearly articulating the requirement to ensure that the deployment is PCI DSS Compliant. 

Strategy 

ValueMentor placed a team of 3 members which included a QSA, a full time PCI Consultant and a member from our PCI Success Team. Our dedicated team of consultants coordinated with the different vendors as well as the scheme provider (client), in order to complete the assessment and implementation of their respective PCI controls. We also developed a dashboard that provided daily updates to the project manager and key stakeholders from the vendor environment.  

Final Results 

ValueMentor played the role of Remediation Advisory as well as Auditor (PCI QSA) working closely with the scheme provider. The Remediation Advisory Team coordinated with the vendors and ensured that the PCI DSS Compliance is achieved within the deadline. As a PCI QSA, we handled the compliance auditing and consulting to ensure that the client meets all the necessary requirements of the PCI standard. As a result, we successfully completed the PCI Certification in about 4 months’ time and ahead of their launch dates, eventually certifying the scheme as PCI DSS compliant. 

Conclusion 

With prominent cybercrimes becoming a regular occurrence, it has become imperative for every organization to improve the security of card transactions and protect cardholder data from being stolen. Due to the increased data breaches and identity theft, it is critical to ensure that the digital wallets are running on a PCI DSS Compliant platform that ensures safety and security. 

ValueMentor 

ValueMentor is a pure–play information security services and consulting company. We are specialists in delivering Security Consulting Services to organizations across the globe and pioneers in Information Security Audit Services, Information Security Consulting Services and Managed Services.