AgentCASH/Bizzon Certified according to PCI DSS – a Success Story

5. August 2019

Photo from left to right: Dzeraldin Memisevic (usd AG), Tonči Damjanić (Agent Cash Ltd), Lorenz Heiler (usd AG)

Whether for start-ups or global players – a PCI certification project can pose a major challenge to any business. This makes it all the more enjoyable for us to look back on the success we have achieved together with our clients. After all, nothing provides better insights into a PCI assessment than the voices of the people involved.

In July, the London-based payment service provider and provider of mobile card readers and virtual terminals Agent Cash Ltd successfully completed this year’s PCI DSS certification for its payment platform AgentCASH (soon to be Bizzon) together with usd AG.

Tonci Damjanic, CTO Agent Cash Ltd: “usd AG has been supporting us as a consultant for several years now. Our first certification in 2016 was a PCI-DSS self-assessment for Level 2 Service Providers. We engaged usd AG to help us better understand the standard and the intention behind it. We have remained in the L2 status for the next two years when we started hitting transaction volume limits. Our customer base has grown and we added additional acquirers to our portfolio. Since 2018, we have had to conduct PCI DSS onsite assessments as a Level 1 Service Provider.

In 2018, we underwent a thorough platform rework that resulted in a much more flexible and secure environment. The new platform was reviewed by Dr. Kai Schubert and Lorenz Heiler of usd AG and after implementing all improvement recommendations, we gained the much-wanted certificate in July 2018. Apart from secure cryptographic devices, everything else is cloud-based and therefore extra challenging to assess from both the security and operational perspective. Despite that, after another onsite review conducted by usd’s Lorenz Heiler and Dzeraldin Memisevic this year, we have renewed our certification smoothly and in time.

From day one, we approached usd AG and their QSAs as partners that are here to help us build a better and more secure system. All meetings and discussions were done in a professional atmosphere, all decisions were made based on experience and common sense. In the end, the overall result of this work is a stable and resilient platform along with a long-term partnership between companies”.

Dr. Kai Schubert, Managing Security Consultant at usd AG: “I have always found AgentCASH’s forward-looking and proactive approach to be very positive. The cooperation was always constructive and it was clearly noticeable that AgentCASH takes security issues very seriously. Especially for a smaller company that was still in its start-up phase in 2016, I was impressed by their commitment”.

Lorenz Heiler, PCI Lead Assessor at usd AG: “PCI certifications in cloud environments can bring their own unique challenges. It is extremely helpful that our partners at AgentCASH are not only technically well versed, but also sincerely interested in securing their IT systems. This is why we have not only succeeded in achieving PCI compliance this year, but also managed to raise AgentCASH’s overall security level”.

Also interesting:

PCI DSS v4.0: INFI Worksheet Discontinued

PCI DSS v4.0: INFI Worksheet Discontinued

The Payment Card Industry Security Standards Council (PCI SSC) announced it is discontinuing the Items Noted for Improvement (INFI) Worksheet. INFI, a template for documenting items for improvement, had been introduced with PCI DSS v4.0. Effective immediately, QSAs...

The Surprising Complexity of Finding Known Vulnerabilities

The Surprising Complexity of Finding Known Vulnerabilities

IT security professionals need an efficient and reliable solution for identifying known vulnerabilities in a software product, given its name and version. Our colleagues at usd HeroLab place high demands on such a solution. They evaluated several available solutions...

Categories

Categories