Mercco
Mercco acquired Payfirma, a payment processing company. Upon transfer of ownership, Mercco realized that Payfirma was not compliant to the required industry standard of PCI-DSSv3.2.1. This posed a risk to Merrco who feared being fined for being a credit card processing Service Provider by the credit card brands VISA, MasterCard and American Express. They engaged EZITconnect to help conduct the audit preparation and guide the auditors through the audit process. EZITconnect performed a pre-assessment to identify gaps and created a plan to achieve compliance. During the planning phase, it was observed by EZITconnect that Payfirma had not implemented a centrally managed antivirus/antimalware solution. Payfirma believed that due to their primarily Mac environment, it was not required. EZITconnect explained the risk to them from a IT security and compliance perspective. In addition to developing missing policies and procedures and fine tuning their operations practises, EZITconnect deployed managed endpoint security aligned to section 5 of PCI-DSS. This allowed for centrally managed, un-modifiable policy configuration, automated policy updates, patching and 24/365 security monitoring of alerts for their corporate computers. EZITconnect helped Payfirma throughout the QSA auditor led assessment to achieve industry compliance (PCI-DSS) and solved the issue Merrco faced with the Credit Card brands.