A global leader in electronic payments, ACI developed its point-to-point encryption (P2PE) solution as part of its UP Merchant Payments portfolio that enables merchants to securely accept and process a wide variety of payment transactions.
“We wanted to validate ACI’s secure P2PE solution against the PCI P2PE standard in response to customer demand and additional business opportunity,” says David Tvrdy, director of product development, AOD Deal Desk at ACI.
After an existing Payment Application Data Security Standard (PA-DSS) vendor recommended Coalfire’s P2PE validation services, ACI included Coalfire in its pursuit of a P2PE Qualified Security Assessor (QSA) (P2PE) company. “After comparing companies, Coalfire’s global reach, extensive market and industry presence, and proven ability to deliver the services to other payment system leaders immediately stood out,” Tvrdy states.
Following a competitive selection process, Coalfire was chosen as the QSA (P2PE) company for the validation of ACI’s P2PE solution.
In collaboration with ACI’s U.S., European, and South African teams, Coalfire leveraged its global presence and deep technical knowledge to assess gaps, deliver advisory services, and perform a P2PE validation assessment. Coalfire’s comprehensive capabilities were key to advising ACI through the entire process and providing more than just an assessment (validation) service.
Coalfire conducted a workshop to understand ACI’s technical situation and business goals, and then provided advisory services to help ACI implement technical and process changes necessary for P2PE validation. Finally, Coalfire conducted the P2PE assessment.
Achieving the PCI P2PE listing was a significant effort, but Coalfire helped ACI choose efficient and cost-effective ways to address control gaps. “We learned a lot from Coalfire’s P2PE QSAs. The guidance and knowledge that Coalfire provided allowed us to tighten up our processes and procedures,” says Tvrdy.