Case Study: Nomad Engages Galix To Become PCI DSS Compliant – Meets Challenging Deadlines
It is critical that organisations engage and collaborate with experts who can guide the process through its rigorous steps, ensuring that the objectives are achieved en route to a successful PCI DSS compliance outcome.
Nomad Information Systems (PTY) Ltd provides end-to-end secure payment processing solutions that encompass cost-efficient hardware, software, security and support services for retailers across South Africa. Nomad positions itself at the heart of the retailer’s card payments with solutions that are affordable and impactful.
The company’s solution includes dynamic, customisable, bespoke payments and Value-Added Services (VAS) solutions that are backed by service level agreements and financial packages that suit the retailer’s requirements.
A journey of a thousand miles starts…
“Nomad engaged Galix IT Compliance in December 2018 to assist with its PCI DSS compliance journey. Nomad was facing pressing deadlines and selected Galix as its compliance provider of choice due to their industry knowledge, expertise and willingness to deliver on our vision within the prescribed deadlines,” explains Kieran Young, Strategic Projects Coordinator at Nomad.
Galix’s PCI DSS methodology includes a thorough examination of the organisation’s current processes and procedures to identify the areas that require immediate attention, and a gap analysis of the actions that must be taken to meet the compliance mandates within the stipulated project timelines.
“We have five processes that we follow to ensure our customers meet their PCI DSS obligations, including critical validation and assessment steps. In order to meet Nomad’s deadline, we had weekly update sessions with them to iron out any issues, assess the status of their business processes, and where they were in terms of progress, milestones and achievements on the compliance roadmap,” says Johannes Briel, QSA at Galix.
Briel further stated, “Fortunately, Nomad didn’t have any major compliance issues which, considering the time factor, was a plus. The PCI DSS journey, however, isn’t just about ticking boxes but understanding that when working with payment data you have a fundamental obligation to safeguard critical information.”
Young notes that the Nomad team relied heavily on Galix’s PCI DSS expertise. “Galix supported us throughout the rigorous process. Meeting PCI DSS’s requirements entails a number of critical steps, which is why it’s important to engage with a company that offers an expert level of PCI DSS knowledge. Our relationship with Galix strengthened throughout, and we have since evolved from an engagement model and now consider Galix a partner to our business.”
Briel adds: “PCI DSS has 12 requirements which can seem daunting at first but we look at the whole and then break it into the parts which makes the process less complex. Also, trust plays such an important role, something that we built over the project by providing Nomad with all the support they needed to realise their PCI DSS compliance.”
PCI DSS compliance is by no means static; it is an ongoing process that requires stakeholder commitment and, importantly, maintenance and monitoring of the procedures. To this end, Nomad and Galix continue to partner to ensure that the payment provider meets its yearly PCI DSS audit obligations. “Nomad will provide continuous evidence that it is PCI DSS compliant, which is why maintenance and monitoring are so important,” explains Briel.
“As part of our managed services offering, we monitor and maintain Nomad’s PCI DSS posture on a monthly basis, which includes evidence collection and critical analysis, which is critical to ensure that Nomad remains compliant.”
Young concludes: “As Nomad is a PCI DSS compliant company, Nomad customers have confidence that they too have partnered with a company that safeguards their valuable cardholder data. Also, as part of their own compliance journey, retailers can rest assured that their card payment processing needs meet the necessary regulatory standards.”