CASE STUDY
Turning PCI compliance into a business asset
Our customers are retail merchants, so payment card data security is paramount to them. That's why we set out to build our entire IT ecosystem, from the ground up, to be PCI DSS compliant. Our goal was to ensure that data security would never be an issue for customers or potential customers. And the fact that our IT systems were designed from the start with compliance in mind is a definite competitive advantage for us.
Jeff T. Liesendahl
CEO, Accertify
 
challenge / solution
Customer requirements and best-business practices dictated that Accertify should build its IT systems to comply with the PCI DSS standard from the very beginning.

Executive management was looking for this adherence to industry standards to become a tangible business asset.

With a small IT staff and limited PCI experience, and with a goal of being compliant and validated to the PCI Data Security Standard in a very short timeframe, Accertify needed a partner.

With guidance and expertise from Halock Security Labs, Accertify was able to implement an IT security program that fully adhered to the PCI DSS guidelines within just three months.

Bringing to bear capabilities ranging from governance through network architecture, systems hardening and secure application development, Halock acted as Accertify's trusted information security partner.

Special Customers

Accertify is in a unique position. They process no credit cards themselves, but work with customers whose livelihood depends on credit card transactions. These customers look to Accertify to monitor and protect their companies from fraud. Because of this, Accertify is held to the highest level of data security standard by some of the largest merchants in the world.
 
the project
Scoping

The first effort undertaken on the path to bring full PCI compliance to Accertify's systems was to identify and scope the elements and systems that would need to adhere to the DSS standard. For this step Halock assigned a team of PCI Qualified Security Assessors to work with the internal Accertify team to better understand the intent of each PCI requirement.

It was determined that any system or process that was associated with credit card data needed to continue through the remaining steps in the PCI compliance project.

By working with Halock and their Qualified Security Assessors early in the process, Accertify was able to avoid false starts and failed Reports on Compliance.

[Figure: project timeline, 3 months. Phases shown: Scoping, Review, Build, Audit/Test, Submit Report]
Review

Once the systems targeted for PCI compliance were identified, Halock began a review of the architecture of Accertify's application development and networking infrastructure.

Halock's Secure Application Services group worked closely with Accertify's development team to craft the SDLC documentation, ensuring that Accertify's custom code was being built to PCI standards