INFORMATION SECURITY CASE STUDY

PCI Audit

Security event manager

01 Challenge

Our customer, high end, San Francisco based apparel company, decided to open their first online store in order to increase its customer base. Since 99 percent of the online payments involve credit cards, the company needed to ensure they would pass PCI Audits, and that their customer’s information is secure from unauthorized access. 

Scope of work

  • Audit network access and controls
  • Assess host security and encryption
  • Remediate violations to PCI DSS
  • Prepare PCI Audit documentation

02 Solution

Our team had followed the shopping flow which pointed to the network devices and servers involved in the credit card payment process. By performing penetration testing, we were able to identify vulnerabilities of all participating  systems. Subsequently, we have created a plan to remediate PCI violations and vulnerabilities without major interruptions to the customer’s online store.

Compliance chart

Technologies used

03 Effect

The remediation plan was deployed in two phases – the first phase involved patching and vulnerability mitigation, and the second, remediation of all PCI violations as per PCI standards. Following successful remediation implementation, our team completed all essential PCI Audit documents. As a result the customer passed the PCI Audit and maintained its sales trends. There were no interruptions to the sales process, business flow, and no impact to the customer online experience. 

Mobile app success stories

Let’s give your competitors something to worry about