As a Global PCI DSS Certification provider, earlier this week QRC Assurance and Solutions Pvt Ltd, successfully certified Transaction Technologies Private Limited (DBA as SmartPesa) for PCI DSS v3.2.1.
SmartPesa has developed a CPoC mobile application i.e. SmartPay. SmartPesa’s clients remain largely banks, switches, and acquirers. Using this application banks and acquirers will be able to accept credit or debit card payment via the merchants’ mobile phone. This application uses a white label application (in house developed application called SmartBank) to make a secure transaction via intent call. Merchants need to have NFC-enabled android devices to use the said CPoC application. Transaction flow is started from a White-Label application and then it will trigger the CPoC application to perform the EMV Contactless transaction.
The PCI DSS standard is a set of requirements designed to be followed by any organization that stores, processes, and (or) transmits cardholder data and prevents frauds on payment card information, put forth by the Payment Card Industry Security Standards Council (PCI SSC).
The QRC team headed by security consultant Hare Krishna Tiwari (QSA) and SecOps team, conducted a thorough assessment of the entire cardholder environment, completing the duly testing of the IT assets as per the PCI DSS requirements and scope defined in the early phase of engagement. The gaps recognized in the security posture were remediated with the continual coordination and support by the SmartPesa team (Ramesh Jairam, Michael Box, Kean Fook Lee, Phuc Nguyen) that provided the essential necessary information and access to the environment.
Post remediation and rigorous testing activities conducted over the environment and assets, and assertion on complete compliance, all the findings were documented in the standard RoC and AoC report format as per the defined PCI DSS documentation guideline.
“The entire engagement with QRC was exceptional. Well run audit process with attention to details. The auditors are highly experienced and had an in-depth knowledge of the PCI requirements. This aided in an efficient audit process and timely completion of the certification. Great thanks once again to Mr.Vamsi Krishna, Hare Krishna, and the greater QRC team for making this a success. Will definitely engage QRC for our future certification requirements.” Ramesh Jairam, CEO SmartPesa.
By implementing all the security controls as per the PCI DSS standard in their scoped environment to protect the cardholder data during storage, processing, and transmission, SmartPesa got certified for Level 1 PCI DSS compliance. This has proved a significant milestone in SmartPesa 's dedication to assisting the growing companies to safeguard themselves from the reputation and resource damage that security breaches create.
ABOUT QRC Assurance And Solutions Pvt. Ltd
QRC Assurance and Solutions has been a forerunner on the cybersecurity front, empanelled with CERT-in, certified to provide PCI DSS QSA, PA QSA, PCI 3DS, PCI SSF, ISO 27001, ISO 27701 Certifications along with other security compliance services. As the forerunners in Cyber Security Space, we support our customers to establish, document, implement and maintain Data Security and Privacy frameworks to protect their sensitive data from all Internal / External Threats and manage the confidentiality, integrity, availability, Security, Privacy of such information systematically.
ABOUT Transaction Technologies Private Limited :
SmartPesa develops payment and agency banking solutions for merchants and banks across the globe, taking care of the tech so they don’t have to. Using an intuitive mobile app and/or card terminal, merchants enjoy a simple unified one-stop tool for accepting smart multi-channel payments online and offline, instant access to transaction histories, and automated reconciliations. SmartPesa’s last-mile agency banking solution drives financial inclusion by extending the banking network into rural areas quickly and painlessly. SmartPesa is a Mastercard Start Path alumni company.