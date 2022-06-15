Bengaluru June 2022: Wibmo, a PayU company has been certified as a ‘PCI Secure SLC qualified Company.’ The brand is now among the top 10 companies in the world to get this certification.

With the increased number of digital transactions, there has also been an increase in cybercrime, which necessitates additional safeguards to ensure the safety of software and platforms used by customers, particularly in the payments industry.

This certification will strengthen customers’ trust in Wibmo and give them extra assurance that they are in safe hands when using the company’s software solutions.

The PCI Secure SLC Standard is intended for companies, who build software for the payments industry. Being Secure SLC certified shows that the company has an established secure software development lifecycle.

The PCI Secure Software Lifecycle (SLC) Standard is a component of the PCI Software Security Framework that assists software vendors in designing and integrating security at each stage of the software lifecycle. Software vendors can appoint a Secure SLC Assessor to assess and validate their SLC for compliance with the Secure SLC Standard. The Secure SLC Assessor documents the assessment and validation in a Report on Compliance (ROC). The PCI SSC’s Secure SLC-Qualified Software Vendors list includes software vendors who have gone through this validation process.

Wibmo attained the PCI S-SLC certification through an independent assessment by SISA, a Qualified Security Assessor (QSA) and one of the top 4 global PCI Forensic Investigators (PFIs).

The certification journey consisted of three phases, viz., Gap Assessment, Validation and Listing. In the first phase, SISA carried out the application source code review, forensic analysis and security testing, which culminated in identifying vulnerabilities and providing recommendations for mitigating them. In the second phase, SISA performed an offsite evaluation of action points, review of all PCI S-SLC requirements and re-testing of the application to verify that all action points identified during the initial application security testing have been mitigated. Thereafter, SISA prepared the final Report on Compliance (RoC) and Attestation of Compliance (AoC) and issued the Certificate of Compliance (CoC) after the application was listed, post the review of documents by the PCI Assessor Quality Management (AQM) team.