Velocitor Solutions is a leading software development firm specializing in the design, development and deployment of mobile and wireless software solutions. The company delivers its solutions across a broad arena of market segments, including transportation/logistics, direct store delivery (DSD), field service and field sales. Periodically, a Velocitor client requests a cutting-edge application feature that is customized according to their unique business model.
A large service-based company approached Velocitor to develop a mobile application that would enable field associates to accept payments remotely at the customer site. With the help of ControlScan Security Consulting Services, Velocitor successfully modified its development environment to build a secure mobile payment application, laying the foundation for future development opportunities involving field-based payments. In addition, with guidance from ControlScan, Velocitor achieved PCI DSS validation as a Level 1 Service Provider to assure clients that data security is a business priority.
North Carolina-based Velocitor Solutions, a leading software development firm specializing in the design, development and deployment of mobile and wireless software solutions, is no stranger to network and data security; however, the company experienced a notable increase in the number of clients asking about the PCI Data Security Standard (PCI DSS) over the past 18 months as field-based payment activities became more prevalent.
When a large service-based company approached Velocitor to develop a mobile application so field associates could accept payments remotely, the firm recognized the opportunity to conduct a formal PCI assessment and audit of its business and software application development standards.
“Our business strategy within the mobile marketplace created a challenge, in that it required us to re-examine our network environment and development processes to ensure the security of the current and future mobile payment applications we create,” said Rich Pacella, Velocitor Solutions president and co-founder. “This challenge prompted us to seek the assistance of a recognized expert in PCI compliance and security.”
Velocitor selected ControlScan to perform a PCI DSS gap assessment and audit of its business systems and processes. Shortly after the engagement began, the value of choosing ControlScan became evident when some of the traditional PCI best practices could not be applied directly to applications developed for the Windows mobile handheld device. Working from the fundamental principles these best practices were based upon, the ControlScan Qualified Security Assessor (QSA) suggested that Velocitor develop a tokenization solution to protect payment data as it passed from the client side to Velocitor’s hosted system.
“Because Velocitor is often asked to develop cutting-edge applications, our initial concern was how we could meet our client’s unique functional requirements and simultaneously assure the security of the data being passed through the application,” said Pacella. “The ControlScan QSA helped us find creative ways to apply security best practices to our development process. And, because ControlScan puts standard data security principles first, the process of validating PCI compliance was greatly simplified.”
ControlScan took a comprehensive approach to Velocitor’s business, addressing overall security as it relates to Level 1 Service Provider PCI compliance. This included reviewing and updating the company’s documentation, as well as creating a comprehensive Report on Compliance (RoC), to meet the requirements set forth by the PCI Security Standards Council.
According to Pacella, Velocitor’s engagement with ControlScan’s Security Consulting Services was well worth the time it took to assess and upgrade the company’s documentation and practices.
“We assigned controls to our systems and processes so that these controls could be applied uniformly across our business environment,” said Pacella. “This enabled us to not only develop the best, most secure mobile payment application for our client, but it also built awareness and enforced discipline across our organization.”
Velocitor Solutions now has the processes and policies in place to guide it toward future success in developing secure mobile payment solutions. In addition, the company’s PCI DSS validation as a Level 1 Service Provider serves as a feather in its cap when being evaluated by a prospective client.
“The benefits of PCI compliance are numerous in terms of near-term and long-term business opportunities for Velocitor,” said Pacella. “We’re on a very positive path moving forward.”