Simplifying securing PCI DSS compliance

7 July 2019

VR Payment and usd AG smooth the way for merchants’ compliance validation

About VR Payment

VR Payment is the specialist for cashless payments of the cooperative financial group Volksbanken Raiffeisenbanken and is one of the leading payment providers in Germany. On the basis of around 120,000 POS terminals and over 5 million credit cards, VR Payment processes a total transaction volume of around 38 billion euros. Around 300 employees work for the e-money institution at its locations in Ettlingen and Frankfurt am Main. VR Payment is a company of the DZ BANK Group.

Removing Barriers, Raising Security Levels

VR Payment wanted a comprehensive PCI DSS compliance management solution for its customers, including a white-label platform that allows extensive customization. On the platform, their customers were to be guided pragmatically and expertly through the PCI DSS compliance validation process.

“All companies that accept credit cards are obliged to comply with the PCI DSS standard – and must also regularly prove this. Our goal is to make this verification process as easy as possible for our customers and thus lower the inhibition threshold,” explains Patricia Brenner, Product Manager Acquiring and E-Commerce at VR Payment. “Of course, there must not be any compromises in the formal correctness of the PCI DSS verification.”

Making Compliance More Attainable

As an accredited PCI Qualified Security Assessor, we are aware of the challenges that PCI DSS compliance management poses to acquirers. Extensive expertise and human resources are necessary to provide competent and motivating support to merchants in the demanding process of validating their PCI DSS compliance. In addition, acquirers must ensure that the changing requirements of the PCI SSC and the credit card organizations for compliance validation processes are always implemented. We have designed the usd PCI Compliance Program to resolve this tension. The usd Service Management provides a fixed contact person to the acquirer throughout the entire course of the PCI Compliance Program. The Service Management is responsible for the implementation of current legal and regulatory requirements. A PCI platform that can be accessed online with a variety of software-based support mechanisms makes it considerably easier for merchants to provide their proof of compliance. Should merchants require additional support, the usd PCI Competence Center is available to assist them by telephone and email.

Simplifying Processes to Raise Compliance Rates

As part of our PCI Compliance Program, we simplify verification processes for merchants as much as possible without losing sight of our goal: more security. In order to achieve this goal for VR Payment as well, we intensively discussed the company’s solutions with VR Payment’s product management. We familiarized ourselves with their different products and services until we knew them as well as our own. Together we developed custom-fit simplifications of compliance verification processes and used our experience and expertise to optimize VR Payment’s products with regard to PCI DSS compliance. Thus, we provide merchants who use a payment product from VR Payment with everything they need to know about PCI DSS compliance right from the start.

“The usd PCI Compliance Program is individually tailored to the needs of our customers. On the PCI platform, our merchants are no longer asked for technical details about their payment processes, but can directly select the payment solution they purchased from us. The correct steps to validate PCI compliance are then automatically determined for them on the basis of the payment solution. This shortens the process and saves the merchant a lot of time and effort,” says Brenner.

“The greatest advantage for our merchants is the in-depth product knowledge of the usd PCI Competence Center. If a merchant is not sure, for example, which VR Payment solution he is using or what data he needs to provide, the PCI Competence Center can offer concrete assistance. We can see that this approach is being well accepted by the continuously increasing compliance rates,” the VR Payment expert adds.

Competent Advice for Merchants Right From the Start

By a comprehensive PCI Compliance Program, we mean that we provide targeted support not only to merchants, but also to VR Payment employees and their partners. In individually designed trainings, we teach the sales teams of VR Payment’s partner banks what is important for PCI DSS compliance. This enables them to give their merchants a well-founded introduction to the demanding PCI compliance process right from the start.

For Patricia Brenner, this is an important point in terms of customer service: “Together with usd AG, we have been able to win over more than one hundred of our partner banks from the cooperative financial group for a PCI DSS basic training course. In this way, we ensure that merchants receive competent and comprehensive advice directly upon concluding the contract; right from the start.”

Committed to Each Individual Customer

Validating PCI compliance is a feat of strength for any company. However, we know that VR Payment’s merchants face different challenges depending on their size. Therefore, we support them according to their individual needs. Small and medium-sized customers fulfill their proof of compliance with reduced effort via the PCI platform. Large retailers and service providers are accompanied personally and extensively on site by our accredited PCI experts.

Enjoying Joint Success as Partners

Susanne Pfitzner, usd Service Manager for PCI Platforms: “We’ve been working successfully with VR Payment since 2013. The successes we have achieved together are not least the product of constructive cooperation based on mutual appreciation. And the goal that we share with each other: to create more security.”
