Security and Privacy

As a payment technology pioneer, Wibmo understands the security implications of the payment ecosystem. Security and the protection of data are among our primary focus areas. Security drives our organizational structure, training priorities and hiring processes.

Our security initiatives and certification programs have not only helped us enhance our security and privacy risk posture but also helped to protect our customers’ information. In addition, these programs have helped us manage risk effectively as well as meet varied compliance requirements.

Wibmo is PCI-DSS Compliant

PCI DSS is one of the most stringent and most coveted security standards in the industry today, with 6 goals, 12 requirements and over 300 sub-requirements for the cardholder data environment.

The PCI Data Security Standard is developed by the PCI Security Standards Council, a group of card brands including Visa, MasterCard, Amex, JCB and Discover.

PCI compliance helps us manage risk around identity theft and credit card fraud. It also helps us increase the protection of customers’ data.

Wibmo is PCI-3DS Compliant

Payment Card Industry 3-Domain Secure (PCI 3DS) is a PCI Core Security Standard by PCI SSC, supporting the functionality of EMVCo’s EMV 3D Secure core security protocol and respective core function specification.

PCI 3DS adds an extra layer of security that lets users authenticate themselves with the service providers or payment gateways during Card-Not-Present (CNP) transactions. It helps reduce CNP payment fraud and assures security to payment service providers.

Wibmo is now PCI-SSLC Certified

The PCI Software Security Framework (SSF) is a collection of standards and programs for the secure design and development of payment application software. Securing payment software is a crucial part of the payment transaction flow to facilitate reliable and accurate transactions.

Modern software development requires objective-focused security to support more rapidly evolving development and update cycles than traditional software development practices do. The PCI SSF recognizes this need with a modern approach that can support security requirements in both contemporary and traditional payment software.

SSF provides Wibmo with security standards for building and maintaining payment software that protects payment transactions and data, reduces vulnerabilities, and fights against attacks. The SSF introduces a new methodology for validating software security and a separate secure software lifecycle qualification with robust security development practices.

Why PCI Software Security Framework (SSF)?

PCI Software Security Framework (SSF) is a combination of modern software security requirements that support evolving technologies, software types, and development methodologies.

SSF brings in objective-focused security practices that can support both existing ways to demonstrate good application security and a variety of newer payment platforms and development practices.

Wibmo is now ISO 27701 Certified

Wibmo is now ISO 27701 certified. The ISO 27701 certificate pertains to a Privacy Information Management System (PIMS). The PIMS at enStage Software Private Limited (Wibmo Inc.) applies to its lines of business: Access Control Server (ACS), 3D Secure Server (3DSS), Fraud Risk Management (Trident), Tridentity, Digital On-boarding, Payment Gateway, Token Hub, Mobile & Digital Payment and Prepaid Payment, with support functions of IT, Finance, Legal, Information Security and Privacy Team, HR, Sales & Marketing, Customer Support Team, Admin, Engineering, Development and QA Team, and Production Management Team (PMT), from its location at Bengaluru, India.

The ISO 27701 certification audit covered 49 controls with regard to the controller of Personally Identifiable Information (PII) as well as the processor of PII. In the capacity of controller, the controls tested were Conditions for collection and processing; Obligations to PII principals; Privacy by design and privacy by default; and PII sharing, transfer, and disclosure. In the capacity of processor, the controls tested were Conditions for collection and processing; Obligations to PII principals; Privacy by design and privacy by default; and PII sharing, transfer, and disclosure. In a nutshell, the ISO 27701 audit covered controls such as Consent Management, Privacy Notice, Business Unit Processing Agreement (BUPA), Data Privacy Impact Assessment (DPIA), Data Subject Rights (DSR), Data Minimization, Data Retention, Data Transmission, and Disclosure of PII to Third-Party.

Wibmo is a GDPR ready organization

The GDPR’s primary aim is to enhance individuals’ control and rights over their personal data and to simplify the regulatory environment for international business. It also addresses the security of personal data transferred outside the EU and EEA areas. Our GDPR compliance ensures that we further secure sensitive customer and business data.

Wibmo has enabled Zero Trust Architecture – A first in the industry and FinTech world

With the shift to a hybrid work culture and work from anywhere, businesses like Wibmo face new cyber security threats. To counter the new and emergent threats due to this paradigm shift, we enabled the Zero Trust Architecture, which was a first in the payment industry and FinTech world. This security approach protects Wibmo and our customers by managing and granting access based on the continual verification of users, assets and resources.

A Zero Trust Architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned). Authentication and authorization (both subject and device) are discrete functions performed before a session to an enterprise resource is established. Zero trust is a response to enterprise network trends that include remote users, bring your own device (BYOD), and cloud-based assets that are not located within an enterprise-owned network boundary. Zero trust focuses on protecting enterprise resources such as assets, services, workflows and network accounts.

Wibmo has built Monitor, Detect and Response (MDR) capabilities in partnership with a leading security service provider

Managed detection and response services allow us to rapidly detect, analyze, investigate and actively respond through threat mitigation and containment.

Wibmo has tied up with a leading MDR solution provider. With round-the-clock (24x7x365) security operations, we are able to monitor and hunt malicious threats earlier, contain and respond to incidents, and uphold a better cybersecurity posture.