Case Study: How 3Cyber-Sec helped Paynetics – Phos Services Ltd. obtain PCI DSS and PCI CPoC certification

Dec 15, 2021 | Case Studies

We are very happy when we have the chance to partner with passionate professionals in their field of work. Such was our experience with Paynetics – Phos Services Ltd. Representatives of the company contacted us back in the middle of August 2020 after we were recommended to them by another satisfied client. 

Phos Services Ltd. is a company established in the United Kingdom that develops innovative, game-changing technologies. Their solutions allow merchants to accept card payments directly on their NFC-enabled Android devices, either smartphones or tablets. The company also integrates a variety of business applications for merchants, such as:

  • marketing;
  • loyalty programs; 
  • payroll;
  • data-driven e-commerce tools.

Since it was founded in 2018, the company has shown rapid growth and innovative development.

Phos Services Ltd.’s challenge

The company contacted 3Cyber-Sec because they needed specific help with one of their PCI certifications. They wanted to meet all the requirements of the standard so that they could develop their mobile payment application in line with industry security standards and securely accept card payments on a mobile phone. The essential needs of the client were to:

  • Ensure cybersecurity throughout the development of innovative payment technologies;
  • Comply with industry regulations;
  • Obtain certification for the international standards PCI DSS and PCI CPoC;
  • Gain comprehensive cyber risk visibility.

3Cyber-Sec’s Solution 

We approached this task with extensive knowledge applicable to this specific case and offered our consultancy services for the PCI CPoC requirements. The project came with some challenges, such as short deadlines and the fact that we had only remote access to, and contact with, the Dev team.

The extreme conditions and the limited time did not affect our effectiveness in any way. We adopted a tailor-made approach to adequately address the situation. First, we examined what had been done up to the point we started working on the project. Then we analyzed where the mobile application developed by our client was inconsistent with the standard. Next, we correlated these inconsistencies to each of the requirements of the standard and wrote recommendations for compliance for the client to follow.

With the support and active involvement of the management team, everything was done in time to achieve compliance. This is how we successfully supported Phos Services Ltd. in achieving their PCI DSS and PCI CPoC certifications.

“3Cyber-Sec is a greatly valued partner for Phos Services Ltd. Throughout the development of our software POS, we were required to push the boundaries of FinTech cloud infrastructure and 3Cyber-Sec’s expertise has been critical in ensuring that we adhere to the highest standards of security at all times. Furthermore, 3Cyber-Sec’s team has guided us towards reaching the highest degree of payment security by helping us meet the requirements and obtain certification for the international standards PCI DSS and PCI CPoC. Additionally, 3Cyber-Sec’s vCISO service has enabled us to gain a better understanding of the cyber risks our company could be exposed to by portraying a comprehensive picture of our board-level behavior.” – Chief Technology Officer, Phos Services Ltd.

The outcome

With our help and recommendations, the client was able to develop its application further, to the point where it was ready for certification tests. This also helped Phos Services become one of the first companies in the world to offer such a service.

When we started working on the project, the mobile application was not in line with the requirements of the PCI CPoC standard. In just 2 months we were able to guide them into line with the exact InfoSec requirements. With our work, we may have helped them shorten the time invested by almost a year.

“We strongly appreciate 3Cyber-Sec’s consultants’ knowledge and proficient approach, as well as their ability to effectively translate technical security issues to business-driven top management.” – Chief Technology Officer, Phos Services Ltd.
