Mobile eCommerce Platform: PCI DSS Compliance

The client is working on building a software development kit for each mobile platform, as a service embedded into consumer apps and merchants’ systems, enabling more transactions and incremental value in a single ecosystem. The client had scheduled a qualified auditor from a PCI approved organisation to carry out a compliance audit to prove that the client was capable of handling card data management within their systems, processes and governance.

GreySpark was commissioned to assist during the Beta phase delivery to produce a production-ready environment, for the PCI DSS audit which officially occurred in September 2016.

GreySpark deployed a full-time team of a Partner, Lead Consultant and Analyst Consultant on the client site. The following took place:

• Review of internal PCI DSS documentation on the policies and governance frameworks ready for auditor review
• Engagement with key stakeholders to discuss the progress of the assigned tasks towards PCI DSS documentation and training, code development and infrastructure readiness
• Build of a card data environment with relevant connected systems and encryption technology for secure card data management
• Generation of project progress reports to track overall project performance

• Documentary evidence of compliance with PCI DSS
• Detailed and structured CDE (card data environment) infrastructure

• GreySpark documented clear policies that complied with the established 12 PCI DSS requirements.
• GreySpark delivered technical infrastructure within the scheduled timeline allowing the client to prepare for the PCI DSS audit.
• A successful audit was completed which granted the client with a Level 1 PCI DSS compliance status, enabling transactions with card payments and processing cardholder data.