PCI DSS compliance for international money transfer app

With a small team onboard, the client's capacity was restricted. The engineering team could only handle a specific, limited range of tasks, which fell short of the product's demands. So enhancing the system's capabilities to achieve more with less could help a lot.

Covering financial transactions and dealing with sensitive information, the client had strong commitments to its app users. Keeping all the data confidential and private no matter what was non-negotiable to reinforce the trust and confidence people placed in the platform.

Taking the security to the next level, the client wanted to gain PCI DSS compliance. In order to reach the standards and bypass the inspection, both the approaches and the system itself required some improvements, which were only possible with expert assistance.

Embracing the client's small team challenges, we orchestrated a comprehensive approach to enhance system security. With more understanding of alerts' severity, they can prioritize critical notifications effectively and act more strategically now.

Ensuring a smooth customer experience, the OpsWorks team implemented proactive system monitoring. Now every week, all instances and applications are scanned with the help of OpenVAS. At the same time, all the security alerts are configured through Wazuh and Suricata. Moreover, the code is analyzed for vulnerabilities during each deployment, and the process is blocked, if any.

Assisting the client and their app in meeting the core pillars of PCI Security Standards, our team optimized both approaches and the system. By setting up a Web Application Firewall, segregating the network into task-specific subnets, implementing intra-cluster traffic segmentation through NetworkPolicy, and taking other necessary actions, we have ensured PCI DSS compliance and made passing inspections a seamless process.