AgentCASH/Bizzon Certified according to PCI DSS – a Success Story

5 August 2019

Photo from left to right: Dzeraldin Memisevic (usd AG), Tonči Damjanić (Agent Cash Ltd), Lorenz Heiler (usd AG)

Whether for start-ups or global players – a PCI certification project can pose a major challenge to any business. This makes it all the more enjoyable for us to look back on the success we have achieved together with our clients. After all, nothing provides better insights into a PCI assessment than the voices of the people involved.

In July, the London-based payment service provider and provider of mobile card readers and virtual terminals Agent Cash Ltd successfully completed this year’s PCI DSS certification for its payment platform AgentCASH (soon to be Bizzon) together with usd AG.

Tonci Damjanic, CTO Agent Cash Ltd: “usd AG has been supporting us as a consultant for several years now. Our first certification in 2016 was a PCI-DSS self-assessment for Level 2 Service Providers. We engaged usd AG to help us better understand the standard and the intention behind it. We remained in the L2 status for the next two years, when we started hitting transaction volume limits. Our customer base has grown and we added additional acquirers to our portfolio. Since 2018, we have had to conduct PCI DSS onsite assessments as a Level 1 Service Provider.

In 2018, we underwent a thorough platform rework that resulted in a much more flexible and secure environment. The new platform was reviewed by Dr. Kai Schubert and Lorenz Heiler of usd AG and after implementing all improvement recommendations, we gained the much-wanted certificate in July 2018. Apart from secure cryptographic devices, everything else is cloud-based and therefore extra challenging to assess from both the security and operational perspective. Despite that, after another onsite review conducted by usd’s Lorenz Heiler and Dzeraldin Memisevic this year, we have renewed our certification smoothly and in time.

From day one, we approached usd AG and their QSAs as partners that are here to help us build a better and more secure system. All meetings and discussions were done in a professional atmosphere, all decisions were made based on experience and common sense. In the end, the overall result of this work is a stable and resilient platform along with a long-term partnership between companies”.

Dr. Kai Schubert, Managing Security Consultant at usd AG: “I have always found AgentCASH’s forward-looking and proactive approach to be very positive. The cooperation was always constructive and it was clearly noticeable that AgentCASH takes security issues very seriously. Especially for a smaller company that was still in its start-up phase in 2016, I was impressed by their commitment”.

Lorenz Heiler, PCI Lead Assessor at usd AG: “PCI certifications in cloud environments can bring their own unique challenges. It is extremely helpful that our partners at AgentCASH are not only technically well versed, but also sincerely interested in securing their IT systems. This is why we have not only succeeded in achieving PCI compliance this year, but also managed to raise AgentCASH’s overall security level”.
