A PayU Company - Wibmo Gets India's First PCI Secure SLC Certification by SISA

Wibmo, a PayU company has been certified as a ‘PCI Secure SLC qualified Company.’ The brand is now among the top 10 companies in the world to get this certification.

With the increased number of digital transactions, there has also been an increase in cybercrime, which necessitates additional safeguards to ensure the safety of software and platforms used by customers, particularly in the payments industry.

This certification will strengthen customers' trust in Wibmo and give them extra assurance that they are in safe hands when using the company's software solutions.

The PCI Secure SLC Standard is intended for companies, who build software for the payments industry. Being Secure SLC certified shows that the company has an established secure software development lifecycle.

The PCI Secure Software Lifecycle (SLC) Standard is a component of the PCI Software Security Framework that assists software vendors in designing and integrating security at each stage of the software lifecycle. Software vendors can appoint a Secure SLC Assessor to assess and validate their SLC for compliance with the Secure SLC Standard. The Secure SLC Assessor documents the assessment and validation in a Report on Compliance (ROC). The PCI SSC's Secure SLC-Qualified Software Vendors list includes software vendors who have gone through this validation process.

Wibmo attained the PCI S-SLC certification through an independent assessment by SISA, a Qualified Security Assessor (QSA) and one of the top 4 global PCI Forensic Investigators (PFIs).

The certification journey consisted of three phases, viz., Gap Assessment, Validation and Listing. In the first phase, SISA carried out the application source code review, forensic analysis and security testing, which culminated in identifying vulnerabilities and providing recommendations for mitigating them. In the second phase, SISA performed an offsite evaluation of action points, review of all PCI S-SLC requirements and re-testing of the application to verify that all action points identified during the initial application security testing have been mitigated. Thereafter, SISA prepared the final Report on Compliance (RoC) and Attestation of Compliance (AoC) and issued the Certificate of Compliance (CoC) after the application was listed, post the review of documents by the PCI Assessor Quality Management (AQM) team.

According to Pravin Kumar, CISO of Wibmo, a PayU company, Wibmo's information security strategy focuses on enabling business and creating a competitive advantage over the long term for our company. The entire team has supported this mission over the last year, and we now stand out from our competitors. We have received many certifications in the past year, including ISO 27001, ISO 27701, SOC2, GDPR readiness, and many more.We are in the payment software business, so it was imperative that we provide assurance from a reputable agency to our existing and prospective clients. We decided to pursue PCI - SLC certification for all our platforms with the assistance of our partner SISA. With their help, we were able to achieve this prestigious certification. It is heartening to hear that we are the first in India and one of very few in the world to get this certification. “

“With the payment technology landscape rapidly evolving, the need for implementing the right security controls, especially for payment software has risen tremendously. PCI S-SLC is designed to support a wider range of technologies, payment software types, and development methodologies compared to PA-DSS. These standard addresses key security principles such as governance, threat identification, vulnerability detection and mitigation, security testing, change management, secure software updates, and stakeholder communications. Being S-SLC certified demonstrates that you have a mature secure software development lifecycle in place. SISAs partnership with Wibmo underlies our effort to enable and empower Wibmo grow and deliver safe solutions to its customers. We congratulate Wibmo for attaining the PCI S-SLC compliance certificate and appreciate their efforts and commitment towards building a highly secure payment environment for their customers,” said Dharshan Shanthamurthy, CEO and Founder, SISA.