Skip to content

Case Study Technology/Finance Industry

How a Fintech Streamlined PCI DSS Requirement 6.5 and Increased Developer Engagement

Security Journey Case Study FinTech Header
Streamlining PCI DSS Requirements and Engaging Developers
Download The Case Study
Security Journey Case Study FinTech Header

The Company

The fintech company that boasts the title of “the first payments unicorn in Mexico, is based in Mexico City. Side note: Mexico is the 12th largest economy in the world.

The company provides a wide range of payment solutions that make digital payments simple and easy to access, democratizing financial services in Mexico in the process.

Download The Case Study

Region

North America

Number of Users

1,000

Company Size

Mid-Size

Industry

Financial

Compliance Requirements

PCI

The Challenge

Security Journey Case Study FinTech

The results from the security test did not look good. While all the developers had completed their video-based secure coding training, a requirement to check the box for PCI compliance, it was clear from the final report that some development team members had not fully grasped the content. There were patterns in their coding practices that concerned the company. A portion of the development team had missed simple steps that would have eliminated some vulnerabilities.

The development team received secure coding training to fulfill Requirement 6.5 of the PCI DSS specification. But the company needed to do more than check a requirements box. They had to have improved application security. And what they saw was that they needed a better training solution

The fintech company had established a set of criteria for evaluating secure coding training solutions to replace their previous solution. 

  • PCI DSS-specific Content - Fintechs that handle credit card payments and store personally identifiable information (PII) must comply with the PCI Data Security Standard. 

  • Simple Compliance Tracking and Reporting - The company wanted to significantly streamline its ability to track and report on completion of the training so that its administrators didn’t spend tens of hours monitoring and chasing after developers to wrap-up their training in time.

  • Engaging and Effective Platform - After getting feedback from the engineering team that the video-based training the company had used in the past was boring and repetitive, one of the priorities for the new solution was that the platform had to be engaging.

  •  Programming Language Support - The company has hundreds of developers that work in a broad range of different programming languages and they had to be sure the secure coding training supported all of them.

  • Comprehensive Content Coverage - The OWASP Top 10 fulfills the basic PCI requirements. However, due to the nature of its business, the company wanted a secure coding training solution to provide lessons on API security and mobile security.

  • Ease of Deployment - Since the information security team handles many responsibilities, the solution had to be simple to set up and deploy.

  • Buy-in from the Engineering Team - While the information security team was responsible for evaluating and selecting the solution, the engineering team would take the training.

The Solution

We're Here Every Step of the Way

After carefully evaluating HackEDU's secure coding training platform, the company chose to move forward with them. The platform met all the fintech company's requirements they had set for their developers' training. During the proof of concept phase, the company's security and engineering teams became fans.

"When we tested HackEDU, we found the challenges and hands-on lessons attractive for the information security team. Also, the proof of concept for the engineering team was attractive. The platform was cool and interesting".

Simple Deployment

Once the training was rolled out, the company discovered that not only did HackEDU meet its requirements for a new training platform, but it surpassed them in ways they didn't expect. "It was really easy to set up the platform and integrate all users using single sign-on (SSO). We only had to give them access to the platform, and they already had all the mandated courses set up for them by the team. We did the entire rollout in less than two weeks." 

Engagement

"Something that really got my attention was one user found he had access before the official launch, before the official communications, and he completed the training before it even rolled out."

"Even though our developers are very busy, they are making the time to complete the training. That says to me that they really like the training. I even have people approach and ask for access to other training modules that are not required."

Easy Reporting and Audit Compliance

"One of the criteria we had for selecting a platform was really easy reporting and to see how well everyone's doing in their training. What I like is there's a visual to easily see who's not started the courses. We can easily send out notifications and reminders through the Slack integration.

For compliance, we can easily download the completion report for the people who have finished everything – it's easy to track and provide evidence of completion. It shows the names and completion dates. That's pretty much what we need from a compliance perspective."

Download The Case Study

What Our Customers Say

SecurityJourney_Testimonial_fin

Security Journey was collaborative with the team at Zoom to help understand our needs and how they could help us reach our goals. 

Robert Walker, Secure Software Development Lead at Zoom

SecurityJourney_Testimonial_fin

As an engineer, I love the hands-on problems! I think it's a really great challenge and also does a great job of making sure folks are paying attention. I'd highly recommend this.

Security Journey Customer, Information Technology

SecurityJourney_Testimonial_fin

I like to take up the HACKEDU training to brush-up my skills and the most liked part is the hint and explanation.

SecurityJourney Customer, IT Service Management Company

SecurityJourney_Testimonial_fin

Security Journey works in that you have to actually solve problems and code. I think that in terms of measuring the effectiveness, Security Journey is a fantastic product.

Robert Walker, Secure Software Development Leader at Zoom

SecurityJourney_Testimonial_fin

It's nice to be able to consume smaller segments of training without requiring me to block large time blocks.

Security Journey Customer, Health and Wellness Company

SecurityJourney_Testimonial_fin

When I was searching for a replacement to the Secure Code Warrior training, it was important that I find a provider who appreciated my business no matter how many developers I had. Security Journey welcomed my business, and even helped me create custom learning paths specific to my needs.​

Seth Strumph, CTO of Optimal Workshop

Download the Case Study

How a Fintech Streamlined PCI DSS Requirement 6.5 and Increased Developer Engagement

Download The Case Study