
Wibmo, a PayU company, Secured India's 1st PCI Secure SLC Certification by SISA, A Cybersecurity Company

Wibmo, a PayU company, has secured India's first PCI Secure SLC Certification by SISA, a cybersecurity company

This certification establishes the brand as the first Indian company to obtain this certification, which is critical for companies developing payment software.

Wibmo, a PayU company, has been certified as a ‘PCI Secure SLC qualified Company.’ The brand is now among the top 10 companies in the world to get this certification.

With the increased number of digital transactions, there has also been an increase in cybercrime, which necessitates additional safeguards to ensure the safety of software and platforms used by customers, particularly in the payments industry.

This certification will strengthen customers' trust in Wibmo and give them extra assurance that they are in safe hands when using the company's software solutions.

The PCI Secure SLC Standard is intended for companies that build software for the payments industry. Being Secure SLC certified shows that the company has an established secure software development lifecycle.

The PCI Secure Software Lifecycle (SLC) Standard is a component of the PCI Software Security Framework that assists software vendors in designing and integrating security at each stage of the software lifecycle. Software vendors can appoint a Secure SLC Assessor to assess and validate their SLC for compliance with the Secure SLC Standard. The Secure SLC Assessor documents the assessment and validation in a Report on Compliance (ROC). The PCI SSC's Secure SLC-Qualified Software Vendors list includes software vendors who have gone through this validation process.

Wibmo attained the PCI S-SLC certification through an independent assessment by SISA, a Qualified Security Assessor (QSA) and one of the top 4 global PCI Forensic Investigators (PFIs).

The certification journey consisted of three phases, viz., Gap Assessment, Validation and Listing. In the first phase, SISA carried out the application source code review, forensic analysis and security testing, which culminated in identifying vulnerabilities and providing recommendations for mitigating them. In the second phase, SISA performed an offsite evaluation of action points, review of all PCI S-SLC requirements and re-testing of the application to verify that all action points identified during the initial application security testing have been mitigated. Thereafter, SISA prepared the final Report on Compliance (RoC) and Attestation of Compliance (AoC) and issued the Certificate of Compliance (CoC) after the application was listed, post the review of documents by the PCI Assessor Quality Management (AQM) team.

According to Pravin Kumar, CISO of Wibmo, a PayU company, “Wibmo's information security strategy focuses on enabling business and creating a competitive advantage over the long term for our company. The entire team has supported this mission over the last year, and we now stand out from our competitors. We have received many certifications in the past year, including ISO 27001, ISO 27701, SOC2, GDPR readiness, and many more. We are in the payment software business, so it was imperative that we provide assurance from a reputable agency to our existing and prospective clients. We decided to pursue PCI - SLC certification for all our platforms with the assistance of our partner SISA. With their help, we were able to achieve this prestigious certification. It is heartening to hear that we are the first in India and one of very few in the world to get this certification.”

“With the payment technology landscape rapidly evolving, the need for implementing the right security controls, especially for payment software, has risen tremendously. PCI S-SLC is designed to support a wider range of technologies, payment software types, and development methodologies compared to PA-DSS. This standard addresses key security principles such as governance, threat identification, vulnerability detection and mitigation, security testing, change management, secure software updates, and stakeholder communications. Being S-SLC certified demonstrates that you have a mature secure software development lifecycle in place. SISA's partnership with Wibmo underlies our effort to enable and empower Wibmo to grow and deliver safe solutions to its customers. We congratulate Wibmo for attaining the PCI S-SLC compliance certificate and appreciate their efforts and commitment towards building a highly secure payment environment for their customers,” said Dharshan Shanthamurthy, CEO and Founder, SISA.

About Wibmo

Wibmo Inc., a Cupertino, California company, is a subsidiary of PayU. It is a global full-stack PayTech company and an industry leader in payment security and digital payments in emerging markets, partnering with 130+ banks across 28 countries. The company is the largest authentication service provider in India, one of the world's leading digital payment markets. It also offers solutions ranging from mobile payments, fraud and risk management, prepaid solutions, and a host of merchant and acquiring services.

Learn more about Wibmo: https://www.wibmo.co/ or reach out to us at: sales@wibmo.com.

About SISA

SISA is a global cybersecurity company, with offices in 14 countries, including Bangalore, India and Irving, Texas. SISA helps organisations grow with true cyber-security through robust preventive, detective, and corrective security services and solutions.

By taking a problem-first approach and leveraging its experience as a Top 4 Global Payment Forensic Investigator (recognised by PCI Security Standards Council), SISA helps its 2,000 customers in 40+ countries focus on their business growth by taking care of their cybersecurity challenges.

For more information, visit www.sisainfosec.com or write to Aparna Gajanan at aparna.gajanan@sisainfosec.com


India's Exclusive Payment Data Security Forum Focuses on Securing Payment Data in the Pandemic Era


The PCI Security Standards Council (PCI SSC) hosted its second annual India Forum on payment data security online on 9 December, drawing nearly 1,000 registrants representing leading players in the Indian payment card industry.

Industry speakers at this year’s event included representatives from the Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), Amazon Internet Service Provider Limited (AISPL), SISA, and Pine Labs. Leading tech companies like Google and Netflix attended India’s exclusive payment data security forum.

PCI SSC’s executive team provided key PCI Standards updates including plans for the next revision of the PCI Data Security Standard (PCI DSS) as well as information about the important issues of software security and contactless payments. 

P. Vasudevan, Chief General Manager, Reserve Bank of India, who delivered the keynote address, highlighted RBI’s preference for interoperability in the payment ecosystem and reinforced the importance of PCI Security Standards in developing these systems for a safer payment ecosystem. He further spoke about the best practices, enhanced infrastructure, and industry collaboration required to help protect payment card data in the country.

Industry leaders also discussed the impact COVID-19 had on the payments and security industry. The PCI SSC provided updates on the various resources and adjustments made to better support the needs of the global payments industry during the pandemic. The regional speakers focused on observations and learnings from data frauds and breaches in India, while providing a progressive outlook of the payments ecosystem in the country. Nitin Bhatnagar, Associate Director – India, PCI Security Standards Council, said that this year’s event is especially important, stating: “Digital payments have become a way of life in India in 2020, due to the pandemic. As a result, the country becomes an increasingly attractive target for cybercriminals and security of cardholder data must be a top priority. Today’s discussion brings together expertise from top leaders across the industry to address the biggest challenges facing data security in India.”

Lt. General (Dr) Rajesh Pant, India’s National Cybersecurity Coordinator, emphasized the importance of adhering to data security standards, as India is one of the most cyber attacked countries in the world. “2020 will be remembered not only for the pandemic, but also as the year of India’s digital transformation. We have observed people adapting to and adopting the means of working from home, collaborating virtually, e-governance, online transactions. Unfortunately, we have also witnessed an exponential rise in the number of cyber-attacks in the country,” he said.
 
Lance J. Johnson, Executive Director, PCI Security Standards Council, added: “According to recent reports, cybercrime is expected to reach 6 trillion USD in damages by 2021 which makes it one of the greatest threats to economic success for businesses in almost every country around the world. Together we must rise to the challenge of fighting all payment crime, but especially cybercrime to ensure that everyone, from business owners to employees and customers can do business securely and continue to prosper. This event is an important part of our efforts to create awareness, share knowledge and foster greater participation from Indian organizations in the work we do globally to improve payment security.”
 
Lt. Gen. (Dr) Pant added, “One of the key security challenges is that industry stakeholders observe security as a cost overhead and not an essential investment. When fintech companies design their solutions, security must be built into it and should be a wrap-around component. Cybercriminals and fraudsters are always one step ahead of the industry, and so going forward, planning and building secure business models will be critical. I have seen the rigidity and the secure transaction environment provided by the PCI Data Security Standards (PCI DSS) and strongly recommend all big verticals and the industry to adopt these.”
 
Ahead of the upcoming National Cybersecurity policy, Lt. Gen. (Dr) Pant highlighted that the vision of the national cybersecurity strategy is to ensure a safe, secure, trusted, resilient and vibrant cyberspace for India’s prosperity. Emphasizing the Indo-US strategic partnerships, he further added, “Among the several global standards, the PCI Security Standards fit well when it comes to relevance and reliability. Cybersecurity is a team sport; everyone has a role to play and global collaboration will be the key towards a safe cyberworld.”

PCI Security Standards Council Publishes New Standard for Contactless Payments

Today the PCI Security Standards Council (PCI SSC) published a new data security standard for solutions that enable merchants to accept contactless payments using a commercial off-the-shelf (COTS) mobile device (e.g., smartphone or tablet) with near-field communication (NFC). Using the PCI Contactless Payments on COTS (CPoC™) Standard and supporting validation program, vendors can provide merchants with contactless acceptance solutions that have been developed and lab-tested to protect payment data.

“Providing the payments industry with standards and resources that support secure payment acceptance in new and emerging card and card-rooted payment channels is a key focus for the Council,” said PCI SSC Standards Officer Emma Sutcliffe. “The PCI CPoC Standard is the second standard released by the Council to address mobile contactless acceptance. Specifically, the PCI CPoC Standard provides security and test requirements for solutions that enable contactless payment acceptance on a merchant COTS device using an embedded NFC reader."

“Contactless, or tap and go, payment adoption is on the rise globally, and merchants want affordable, flexible and safe options for contactless payment acceptance that allow them to best serve their customers. In addition to PCI Software-based PIN Entry on COTS (SPoC) Solutions that enable contactless payment acceptance with a dongle attached to the mobile COTS device, the PCI CPoC Standard and Program now provide merchants the option to use validated solutions that require no additional hardware to accept contactless transactions,” said PCI SSC Senior Vice President Troy Leach.

The PCI CPoC Standard includes security requirements for vendors on how to protect payment data in CPoC Solutions and test requirements for laboratories (labs) to evaluate these solutions through the supporting validation program. Validated CPoC Solutions are listed on the PCI SSC website as a resource for merchants and acquirers. Program details are outlined in the CPoC Program Guide, which is available now on the PCI SSC website.

The primary elements of a CPoC Solution include: a COTS device with an embedded NFC interface to read the payment card or payment device; a validated payment acceptance software application that runs on the merchant COTS device initiating a contactless transaction; and back-end systems that are independent from the COTS device and support monitoring, integrity checks and payment processing. Software-based PIN entry is not permitted in a CPoC Solution.

Through a combination of the security controls built into the merchant application and ongoing monitoring and integrity checks performed by the back-end systems, merchants and consumers can have confidence in the security of the CPoC Solution and the contactless transaction.

“Developed with the input of the global payments industry via the requests for comments (RFC) process, the CPoC Standard is a continuation of the Council’s efforts to provide merchants with secure mobile payment acceptance options they can trust to support their customers and protect the integrity and confidentiality of their payment data,” added Leach.

The PCI CPoC Standard and Program documents are available on the PCI SSC website.

For more information on the new CPoC Standard and Program, read the PCI Perspectives Blog post “Just Published: PCI Contactless Payments on COTS.”

About the PCI Security Standards Council

The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.

~ Businesswire India
