We were engaged by a Fortune 500 financial services company that had to prepare for security directives and regulations and ensure that personal and payment consumer data were protected. As an example, consumers were accessing the client's services not only in the U.S., but also in the European Union. Compliance with legal frameworks such as GDPR (General Data Protection Regulation) and PSD2 (Payment Services Directive) was one of the objectives of the engagement.
We developed a detailed plan to meet all security standards and implemented all technical requirements to guarantee compliance with relevant legal frameworks. More specifically, some of the tasks we completed in this project were:
- Developed multi-factor authentication (MFA) by creating biometrics, behavioral analysis and one-time password (OTP)-based solutions on the online and mobile channels
- Provided gap assessment and implemented best practice recommendations based on established security standards, such as the ISO/IEC 27000 series
- Implemented advanced encryption algorithms for data and followed protocols to generate and secure cryptographic keys
- Recommended specific one-way hash functions and data truncation methods to meet PCI DSS requirements
- Provided firewall rules and anti-spoofing filters to ensure that only trusted data enters the system
- Designed and optimized the data governance, data management and policies needed to meet regulations
- Tested authentication mechanisms via a customized software emulator that simulated complex hacking methods to access data
- Implemented and standardized detailed data reporting and dashboards
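The PCI DSS bullet above names one-way hashing and truncation of the primary account number (PAN) without showing what those look like in code. The following is an added illustration written for this page, not code from the engagement described: it validates a PAN with the Luhn check, produces a truncated value that keeps only the first six and last four digits (the long-standing PCI DSS masking convention; the exact digits allowed depend on the PCI DSS version in force and the business need), and produces a keyed one-way hash with HMAC-SHA256 so the hashed PAN cannot be rebuilt by brute-forcing the small keyspace of valid card numbers. The key and the card number are constructed sample values; in a real deployment the key would be held in an HSM or KMS.

```python
import hashlib
import hmac
import re

# Constructed demo key for this example only. A production key must come from
# an HSM/KMS and never be stored in source control or alongside the hashes.
SAMPLE_HMAC_KEY = b"constructed-demo-key-do-not-use"


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    checksum = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        checksum += d
    return checksum % 10 == 0


def normalize_pan(raw: str) -> str:
    """Strip spaces/dashes and reject anything that is not a plausible PAN."""
    pan = re.sub(r"[\s-]", "", raw)
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("PAN must be 13-19 digits")
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check")
    return pan


def truncate_pan(pan: str, keep_first: int = 6, keep_last: int = 4) -> str:
    """Keep only the leading and trailing digits; the middle is discarded, not hidden.

    The returned string is what gets stored or displayed. Because the middle
    digits are gone, it is not PAN data under PCI DSS and cannot be reversed.
    """
    hidden = len(pan) - keep_first - keep_last
    if hidden <= 0:
        raise ValueError("nothing left to truncate")
    return pan[:keep_first] + "*" * hidden + pan[-keep_last:]


def hash_pan(pan: str, key: bytes) -> str:
    """Keyed one-way hash of the full PAN.

    An unkeyed SHA-256 of a PAN is weak: there are only ~10^15 Luhn-valid
    16-digit numbers per BIN range, so an attacker with the hashes could
    enumerate them. The secret key removes that offline-guessing path.
    """
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def tokenize_record(raw_pan: str, key: bytes = SAMPLE_HMAC_KEY) -> dict:
    """Produce the two non-PAN artefacts a system would keep instead of the PAN:
    a truncated value for display/support and a keyed hash for matching."""
    pan = normalize_pan(raw_pan)
    return {
        "masked": truncate_pan(pan),
        "pan_hmac": hash_pan(pan, key),
    }


if __name__ == "__main__":
    # "4111 1111 1111 1111" is a well-known constructed test number, not a real card.
    print(tokenize_record("4111 1111 1111 1111"))
```

The important design point is that neither stored artefact lets the full PAN be recovered: the truncated value has lost its middle digits, and the HMAC needs the key, which lives in a separate trust boundary from the database holding the hashes.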
The client was pleased with our overall implementation of security standards and data reporting. Our work had a direct impact on compliance reporting costs, which were reduced by about 20%. Additionally, the analytic cycle time of the client's operations team decreased by 60%.
Note: This work was performed prior to joining Stout.