About the client
Our client is an award-winning B2B software vendor that provides innovative payment solutions to top players in FinTech and a range of other interlinked industries. Their product portfolio includes eWallets, a content aggregator, a payment processing solution, and iGaming management and multi-brand affiliate management solutions.
Our client came with the challenge
Headquartered in London, our client already had six development centers across Europe and Asia. The company was no longer able to rely solely on its own development centers, however, due to lack of engineering talent and difficulties scaling. So they started looking for a partner that could offer flexible cooperation, access to a wide market of tech talent, and quick staffing for projects. In 2015, they signed a five-year contract with Intellias to develop a custom B2B payment processing platform with ample risk management and fraud prevention capabilities.
The most challenging part of the project was to comply with Payment Card Industry Data Security Standards (PCI DSS) to receive payments from customers. To be able to fulfill credit card payments, the company had to pass a PCI DSS compliance audit and obtain PCI DSS certification. To do this, they needed a strong security expert on their engineering team to ensure high-level information protection and control the process of compliance.
Our solution for PCI DSS compliance
Our client required a special expert with experience in security certification. Intellias offered a security officer who helped to organize all audit processes and who, after successful completion of the audit, has grown to the in-house Chief Information Security Officer. To help our client comply with PCI DSS requirements, we did the following:
- Assigned ownership of the compliance process to our security expert who had relevant experience in coordinating security activities
- Implemented required security features in the architecture of the solution
- Conducted an in-depth risk assessment to define potential security breaches
We focused on monitoring of the entire system to check its security vulnerabilities. After detecting these vulnerabilities, we needed to respond fast and resolve issues. Developing performance metrics for measuring success and failure in the PCI software compliance process was critical to implementing all necessary requirements. We prepared all documentation needed for PCI DSS certification from scratch to be ready for the audit and, most importantly, to guarantee continuous compliance after it.
The documentation about our client’s company and services that was prepared by our experts included:
- Antivirus Policy
- Cardholder Data Policy
- Firewall and Router Policy
- Information Security Policy
- Password Policy
- Physical Security Policy
- System Configuration Policy
- System Monitoring and Logging Policy
- Testing Systems and Processes Procedure
- Information Security Incident Management Policy
- Inventory and Ownership of Assets Policy
- Application and System Development Software Policy
- Managing Service Providers Policy
- Access Control Policy
- Information Security Awareness Program
- Information Security Responsibilities Policy Statement
- Individual User Agreement Template
- Data Classification Policy
- Data Protection Policy
- Data Management Policy
We’ve achieved great results and PCI DSS software compliance
After the audit was successfully completed, we prepared the client to comply with PCI DSS standards on a daily basis. For this, our security expert moved to the client’s in-house team as the full-time CISO to control all security activities.
Thanks to a fast compliance process, our client brought a solution to market that meets all industry standards and provides multi-acquiring, eWallets, online vouchers, instant banking, and bank transfers with over 100 localized payment options accessible to merchants worldwide through a single integration.
Our secure and PCI DSS compliant payment solution offers the following benefits to businesses:
- Real-time fraud management
- Customer profiling and verification
- Independent audit verification
- Extended back-office solutions
- DDoS mitigation
- A 13-terabyte data warehouse
- Real-time business intelligence reporting
- Cardholder data (CD) tokenization and secure CD storage vault
- Customizable UI for PCI-compliant CD input and transfer
- Payment API for third-party integrations