Lahore (Muhammad Yasir) iPath (Pvt) Ltd has become Pakistan’s first company to attain the PCI Secure SLC Certificate. Secure SLC is the first global PCI standard to focus on the vendor’s software development process and methodology rather than the payment application itself. This standard aims to embed payment application security principles early in the software development lifecycle and provides security controls and processes implemented into current industry-accepted SDLC practices. By obtaining this compliance, iPath’s software development is validated to protect sensitive customer payments data by building necessary security features and processes deep into the software development lifecycle. This certification was attained via PCI QSA Firm Risk Associates, a premier global information technology company, which is a certification body of Payment Card Industry Security Standards Council (PCI SSC).
The PCI Secure Software Lifecycle (standard SLC) emphasizes implementing security concepts and activities throughout the software development lifecycle. Speaking at the occasion, Mr. Ali Shah Asani, CEO – iPath, commended the entire team for their hard work and efforts towards achieving this milestone. He expressed, “Over the course of the past few years, we have witnessed that the definition and methods of security threats in the payment sphere have largely evolved and require new strategies of building security deep-rooted within payment software to reduce attack surface; our journey towards becoming the first Pakistani company to attain PCI Secure SLC compliance has imparted our entire team with a modern-day approach at global best practices to infuse security in our software development lifecycle”. He added, “Achieving Secure SLC not only validates our adherence to a cutting edge PCI standard enabling us to deliver high-quality, secure software, but it is also a testament to our commitment towards providing our customers with best-in-class payment solutions.” Mr. Abdus Samad Khan, COO iPath, applauded the entire team and expressed, “Traditionally, payment software vendors developed applications and then evaluated security vulnerabilities.
PCI secure SLC, on the other hand, changes the equation by shifting security towards the very left and in every aspect of the organization, not confined to the payment app alone. Prior to becoming the first IT Company in Pakistan to obtain the PCI Secure SLC, we had to undergo an extensive validation process, and the ongoing support from Risk Associates encouraged us to take all the preparatory actions to achieve this milestone.” He added, “And this compliance with the PCI Secure SLC showcases our adaptability to changing security threats, leading to increased customer trust. Banks are lately focusing on remote teams and resource augmentation, and having a Secure SLC vendor instills trust of the institution in our abilities”. The occasion was attended by Mr. Kashif Hassan, Managing Director at Risk Associates, who stated, “Working with iPath throughout the certification process has been a pleasure and witnessing their commitment to protecting the integrity and confidentiality of payment transactions and customer data by accommodating the Risk Associates team with the required information.
The Secure SLC Certification is proposed for vendors developing payment applications/software that supports or facilitates payment transactions. We commend iPath on becoming the first Pakistani PCI Secure SLC vendor and the 7th globally”. This certification proves that software developed by the iPath team is secure in design and protects payment transactions and sensitive consumer data. In addition, achieving this certification shows iPath’s higher commitment to the ongoing changes in the payment application landscape.