PCI DSS Compliance
Designing and building a fully PCI DSS compliant technical infrastructure was a requirement of PCCL's partnership with Visa Europe. I was the technical lead and ensured we achieved the highest level of compliance possible, as a Level 1 Service Provider. This included hardening the network security of our systems, building new networks within our current building, splitting our "at risk" data and processing out into isolated systems, and building new compliant interfaces to facilitate communication and compliance between these components. This included an in-memory one-way card number scrubber and hasher, and GPG-enabled file drop-boxes with in-memory encryption. Servers were enhanced with OSSEC FIM and IDS systems and other monitoring tools. I also designed the development process for handling changes to "in scope" systems.