Many of our customers initially came to us with questions regarding their clients’ PCI-DSS compliance, engineering, and how we make sure apps are built correctly and ready to scale. Jelecos is one of the only service providers in the nation with third-party PCI certifications in both infrastructure and app development. We have put together a list of the top 5 questions that are most commonly asked by companies vetting application development solutions.
Read more below about how we’re helping our clients achieve their business goals with PCI-DSS application development and deployment.
5 Questions About Jelecos’ Services
What advantages does Jelecos offer in terms of PCI DSS and PA DSS compliant app development?
There are many. Among them:
Jelecos employs a standards-based coding approach built on a number of security best practices (such as those outlined by the Open Web Application Security Project (OWASP) and others). The app development team also codes specifically to prevent certain types of attacks, including cross-site scripting, SQL injection, and access control violations, as required for PCI compliance. Third-party penetration tests are conducted to validate the apps.
Third-party and internal code reviews.
Code reviews are a PCI requirement. They are also an integral component of the software development process at Jelecos. That includes third-party code reviews and peer code reviews. Many development projects are validated using penetration testing as well as code review services such as Veracode.
In-depth PCI app development expertise.
Jelecos developers have extensive experience in developing PCI-compliant apps. They also have in-depth knowledge of both PCI-DSS and PA-DSS requirements. In addition, Jelecos has a long list of customers to attest to the effectiveness and quality of those apps.
Qualified staff; staffing oversight
In addition to their demonstrated expertise in PCI-compliant app development, Jelecos engineers undergo background checks and engage in frequent security awareness training. There is also segregation of duties, as required by PCI-DSS, between personnel assigned to the development/test environments and those assigned to the production environment. This ensures that no single individual has end-to-end administrative control of the system.
Jelecos has third-party PCI certifications in both infrastructure and app development.
What advantages do customers get from working with Jelecos as opposed to developing the app(s) internally?
Confidence of PCI-compliant app development.
Jelecos ensures that apps are built correctly from the ground up to meet PCI requirements so they don’t have to be retrofitted to comply.
Faster time-to-market or time-to-value.
Jelecos’ utilization of custom libraries and reusable frameworks speeds up the process, and time is money!
No need to change internal processes.
Jelecos employs mature development and release processes with all appropriate workflows and tollgates in place to ensure compliance. No changes in processes or infrastructure are required on your part.
A compliant team.
At Jelecos, all hiring processes, planning processes, architecture and development processes, operational processes, facility processes, and segmentation of roles/responsibilities are done with compliance in mind.
Are the apps that Jelecos developed “certified” as compliant or just developed to the compliance standards? Is there any guarantee included with them?
Jelecos is flexible, and works with you in whatever way best meets your needs.
We can take you most of the way to full compliance, and then you can decide if you want to do external scans, pen tests, code reviews, etc. If you want the full menu of services to get you to full PCI compliance for your app, we do everything necessary to ensure compliance with the version of PCI published during the development of the app (currently, v3.2).
What kind of apps or other payment industry solutions does Jelecos provide/create?
Whatever you need, chances are Jelecos can deliver.
The following are just some of the solutions available. We’re always happy to discuss specific needs or requirements:
Multi-party payment processing*
Multi-payment rail consolidation/reconciliation/integration*
L2/L3 P-card enablement*
Hosted, self-hosted, and API / non-hosted payment gateways*
Integration of tokenization, end-to-end encryption and other security technologies*
Native app-based e-commerce (card not present)
Direct payment gateways
Local bank integration
Security and technical controls to meet PCI requirements
Vertical-specific payment processing apps and gateways