Personalized PCI DSS Compliance Assessment for Leading Payment Tech Provider, Bottomline Technologies

Challenge

As payment technologies evolve, new compliance requirements intended to protect cardholder data have become paramount. Compliance with the PCI DSS is essential, especially for organizations that deploy solutions touching the credit card data environment (CDE), or organizations that could impact the CDE’s security. That’s why finding a PCI DSS Qualified Security Assessor Company (QSAC) is so important.
Bottomline had two different applications that needed to undergo PCI DSS assessments and obtain a Service Provider Report on Compliance. The company had performed internal reviews, but this was going to be the first formal PCI DSS assessment for these platforms. The company needed to understand exactly what to do to become PCI DSS compliant, including:

• How to train staff and other members of the workforce that interacted with the CDE
• How to understand the evidence and artifacts needed to show that controls were in place and operating effectively through a period of time
• What policies and procedures needed to be developed and implemented

Result

After performing a detailed readiness review which allowed Bottomline to remediate the noted gaps, both platforms obtained ROCs. We’ve continued to work with Bottomline over the years to ensure that new changes to either platform
follow the additional controls added to the PCI DSS.