Resources

Personalized PCI DSS Compliance Assessment for Leading Payment Tech Provider, Bottomline Technologies

Michael E. Kanarellis

Bottomline Technologies, a payment technology vendor and a Forbes Top 50 Fintech, has several solutions designed to help companies send and receive payments. These platforms simplify the transaction processing related to accounts payable and digital banking. Knowing the level of detail required for a formal Payment Card Industry Data Security Standard (PCI DSS) assessment, the company turned to Wolf to help them through the upcoming processes.

Challenge

As payment technologies evolve, new compliance requirements intended to protect cardholder data have become paramount. Compliance with the PCI DSS is essential, especially for organizations that deploy solutions touching the credit card data environment (CDE), or organizations that could impact the CDE’s security. That’s why finding a PCI DSS Qualified Security Assessor Company (QSAC) is so important.
Bottomline had two different applications that needed to undergo PCI DSS assessments and obtain a Service Provider Report on Compliance. The company had performed internal reviews, but this was going to be the first formal PCI DSS assessment for these platforms. The company needed to understand exactly what to do to become PCI DSS compliant, including:

  • How to train staff and other members of the workforce that interacted with the CDE
  • How to understand the evidence and artifacts needed to show that controls were in place and operating effectively through a period of time
  • What policies and procedures needed to be developed and implemented

Solution

Wolf’s QSA team worked diligently to assist the company in this effort. We created an aggressive schedule and framework to keep the project timeline tight and deliver the assessment on time. We offered Bottomline a true value-add experience, helping the company face specific PCI challenges and other security and compliance issues.

“When we originally looked for a QSAC, we were looking for a firm that would grow with us and not just conduct ‘checkbox’
audits. We needed a partner that would be responsive to our needs and be a trusted security and audit advisor for us. Our extensive diligence helped us choose Wolf. Now, several years into the relationship, we know we made the right choice,” said Michael Weathers, CISO of Bottomline Technologies.

Wolf has proven to be an outstanding partner for Bottomline with regards to PCI DSS compliance. Their attention to
the nuances of our PCI scope were excellent, and their tailored approach helped us ensure our compliance. Wolf was very open to safely engaging us during the pandemic to address the specific challenges brought on by COVID-19. Those efforts showed Wolf’s true value as a partner. We’ve been very pleased with our relationship and have further engaged Wolf to address our SOC 1, SOC 2, and compliance areas.”

Michael Weathers

CISO

Bottomline Technologies

Result

After performing a detailed readiness review which allowed Bottomline to remediate the noted gaps, both platforms obtained ROCs. We’ve continued to work with Bottomline over the years to ensure that new changes to either platform
follow the additional controls added to the PCI DSS.

A thorough audit allowed the company to operate with confidence knowing they have proper PCI DSS policies and procedures in place.

Industry experts helped navigate a complex regulatory environment, analyzing their systems and providing comprehensive solutions to ensure compliance and initiate innovation.

Trust established during the initial review led to subsequent successful engagements.