Galitt, a European security expert, mobilizes its cybersecurity skills to support customers for certification across all payment channels
Boulogne-Billancourt (France), January 27, 2020
Galitt, a Sopra Steria (Euronext Paris: SOP) company, now has two Qualified Security Assessors (QSA), experts recognized as entitled to conduct PCI DSS audits. This comes as a complement to an already extensive security audit offer, which allows Galitt to perform audits for all aspects of payment systems.
Thanks to its team of experts in payment means and its longstanding experience in cybersecurity, Galitt is able to conduct audits and deliver cybersecurity consulting services covering various types of payment means. This way, Galitt customers, including financial institutions, merchants, data centers, e-commerce players, hospitality industry and others can all benefit from Galitt skills to be audited as part of their certification programs. Players of this ecosystem are able to benefit from the company support in order to obtain and/or maintain their certifications:
- Galitt now has two Qualified Security Assessors (QSA), Coralie Chevallier and Jean-Louis Lamacchia. Thus, they are entitled to perform PCI DSS security audits according to PCI Council requirements.
- Galitt also proposes PCI CP (Card Production) audits that cover all security aspects of payment card production, including both logical and physical aspects. Coralie Chevallier is certified as a Card Production Security Assessor (CPSA) by PCI. Consequently, she is entitled to complete security audits of card production sites, regardless of the payment scheme.
- For the markets covered by the GIE Cartes Bancaires, Galitt proposes to execute the REMPARTS (REnforcement et Maîtrise sur Parc Acceptation – Résilience, Transparence, Sécurité) audits that cover the security of sites managing acceptance systems, or POS terminals.
- Galitt is able to complete EMV Modular Label audits that allow POS terminal developers to benefit from the EMVCo optimized process, thus reducing their certification costs and lead times.
- Galitt will also propose Swift audits that cover the security of high-value financial transfers.
In addition to the audit offer, Galitt consultants bring their support to customers in order to help them not only to set up the most appropriate technologies and processes to obtain a certification but also to be re-certified and maintain their certification status over time.
Especially for this purpose, Galitt has developed a series of tools that allow customers to monitor closely their certification-related actions, establish roles and responsibilities, control procedures and documentation. These tools are directly linked with certification requirements and audit methods; thus, they ensure customers are in the best position to obtain and to keep their PCI certifications.
As certified auditors, Galitt experts have established a trusted relationship with the PCI SSC (Security Standards Council) and have submitted their comments to feed into the specification process for version 4 of the PCI DSS standards, scheduled for the end of 2020 at the earliest.
Remi Gitzinger, Galitt Executive Director – Payment Consulting, declares: “Thanks to the expertise of our consultants we are recognized by the PCI Council as assessors for several of their programs. Now, we are considering building upon this expertise to provide Europe-based investigators qualifying for PCI Forensic Investigations, to deliver technical investigations to customers who may be victims of security breaches. In this domain, time is of the essence, and our Europe-based investigators will be able to make interventions in a matter of hours after a security breach is identified.”