To provide added value, long-term, multistream consultancy including payment industry compliance, cyber security, and technical testing to a geographically dispersed, rapidly growing organization within a highly regulated and highly competitive industry sector.
Advantio provided PCI DSS consultancy and assessment as well as technical security services for this geographically dispersed company with a technical environment based on a mix of on-premises, private cloud, and third-party, public cloud services.
The EU's biggest Buy Now Pay Later (BNPL) provider acts as an issuer and payment gateway service and provides payment solutions to merchants and consumers in more than 20 countries, including the EU, US, and AP. It offers direct payments, 'pay after delivery' options and installment plans in a one-click purchase experience through both mobile and desktop shopping experiences. All this allows their customers to pay after the actual purchase.
It also manages cardholder data using a hybrid cloud computing environment that incorporates on-premises infrastructure components, private cloud setup, and third-party public cloud services.
With more than 3,000 employees representing more than 100 nationalities, the client is committed to promoting a diverse workforce with a shared goal of reshaping the shopping experience for avid shoppers.
Advantio provided advisory and consultancy services regarding PCI compliance of the company's new services, infrastructure changes and additional product introductions. This included a PCI DSS assessment of the client’s Cardholder Data Environment as well as technical security services such as penetration testing.
Key Challenge 1:
Advantio performed a PCI DSS assessment for a unique hybrid cloud infrastructure consisting of several cloud environments and on-premises environments bound together by technology and service provider responsibilities.
Key Challenge 2:
As part of the PCI DSS assessment, Advantio helped define and formalize how PCI DSS controls are shared between the company and its service providers. This affects the degree of PCI DSS responsibility for both parties.
Advantio helped to understand how PCI DSS requirements are shared between the company and its Service Providers across the cloud service categories.
Additionally, Advantio validated the segmentation of a cloud-computing infrastructure and confirmed that the PCI environment of the company is adequately isolated from other cloud and hybrid tenants.
Tell us more about you and one of our experts will call you back