PCI-DSS compliant IT partner: A subscription economy growth catalyst
Security is no secret sauce – especially if you are one of today’s subscription businesses. It is probably the first thing your customers think of when they give you their payment data. What’s more, the data is often shared with third-party integrators who manage your subscription management platform. The smart save? Cue in credit card data security solutions with a PCI-DSS compliant IT partner. For instance, if you use Zuora for your subscription management needs, it’s smart to seek support from a Zuora implementation partner that is PCI-DSS compliant. The accredited IT firm will take care of your payment information security via its secure credit card processing. It’s that simple.

What does PCI-DSS compliance mean for an IT company working with credit card data?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of stringent global security requirements to ensure the safety of credit card data. Any organization that handles, processes, stores, and/or transmits cardholder data must be PCI-DSS compliant.

PCI-DSS is administered by the Payment Card Industry Security Standards Council (PCI SSC), an autonomous body formed by five international banking moguls (Visa, MasterCard, American Express, Discover, and JCB).

In today’s subscription climate, businesses need a modern implementer for their subscription management platform. For top-notch solutions, this IT partner company needs to access your customer base’s credit card data. Herein, a PCI-DSS compliant IT partner can be key.

Zuora is the world’s leading subscription management platform. A PCI-DSS compliant Zuora implementation partner can be a game-changer for your subscription business.

What qualifies as tough credit card data security solutions?

PCI-DSS compliance is the single global standard for cardholder data safety. Any enterprise stamped with this accreditation is treated as a world-class provider of credit card data security solutions. Not to forget, this is a payment data security standard mandated by five major players in the international banking field. Hence, a PCI-DSS compliant IT partner is the sturdiest padlock you can find for ensuring your subscription payment data’s security. And in today’s subscription climate, a PCI-DSS compliant Zuora partner might just be what you are looking for.

PCI-DSS involves a rigorous twelve-step action plan. Organizations eyeing secure credit card processing and vying to be PCI-DSS compliant partners must meet the following requirements.

What are the twelve steps to becoming a PCI-DSS compliant partner?

1. Install and maintain a firewall configuration
2. Implement strong settings for passwords
3. Ensure the security of stored cardholder data
4. Encrypt data transmitted over public networks
5. Use anti-virus programs and update them regularly
6. Maintain and update all systems and applications
7. Limit access to cardholder data on a need-to-know basis
8. Assign a unique ID to each person with system access
9. Restrict physical access to payment information data
10. Track and monitor all network and cardholder data logs
11. Regularly audit security systems for vulnerabilities
12. Maintain an enterprise-wide information security policy

The ultimate goal of each of these steps is to ensure credit card data security. Here is a brief run-down:
1. Install and maintain a firewall configuration – Properly placed firewalls and router policies control incoming and outgoing data. To be PCI-DSS compliant, partners must install such configurations in, out, and around the card data environment.
2. Implement strong settings for passwords – Devices such as routers and POS systems typically ship with factory-set passwords and usernames. The manufacturer’s default settings are easily hackable, so a strong password configuration of all operating devices and systems is non-negotiable for secure credit card processing.
3. Ensure the security of stored cardholder data – Partners who wish to be PCI-DSS compliant must be clear about the scope, location, and retention period of the payment information data they intend to store. Data must also be truncated, tokenized, or encrypted using acclaimed algorithms (like AES-256, RSA 2048). For the safety of PAN card data, the partner should regularly run data discovery tools like PANscan or PIIscan.

These actionable insights on how to avoid data breaches can also come in handy.

4.  Encrypt data transmitted over public networks ­– Cardholder data is primarily passed to payment gateways and processors for transaction processing. TSH, SSH encryption, etc. can prevent the possibility of data theft and secure credit card processing.
5.  Use anti-virus programs and update them regularly – An up-to-date anti-virus routine helps keep malware at bay. Anti-virus and anti-malware programs on a PCI-DSS compliant partners site must always be active, using the latest versions, and generating timely logs.
6.  Maintain and update all systems and applications – PCI-DSS certification calls for applications regularly updated with the latest security patches. For secure credit card processing, all pathways in the PCI-DSS landscape – from browsers to operating systems to POS terminals – must be covered under the updates.
The 12-point requirement for a PCI-DSS compliant partner
Required actions to become a PCI-DSS compliant partner
7. Limit access to cardholder data on a need-to-know basis – Role-based access control (RBAC) must be in place in the PCI-DSS compliant partner’s ecosystem. Names of team members with access to data along with their respective roles must be documented.
8.  Assign a unique ID to each person with system access – All team members with organization-provided system access must have a unique and complex password. Remote employees must adhere to multi-factor authentication.
9.  Restrict physical access to payment information data – Physical pathways to locations where cardholder data resides must be secured using electronic access controls like CCTVs. A potential PCI-DSS compliant partner establishes electrical access controls to distinguish authorized employees from general employees and workplace visitors.
10. Track and monitor all network and cardholder data logs – All systems in the PCI-DSS landscape must have updated audit policies. They must also be connected to a centralized Syslog server. The latter must be reviewed daily to detect and address anomalies and ensure secure credit card processing.
11.  Regularly audit security systems for vulnerabilities – Security audits like wireless analyzer scans, quarterly examination of external IPs and domains (by PCI ASV) along with annual application & network penetration tests, and internal vulnerability scans must be an integral part of the PCI-DSS compliant partner’s security routine.
12. Maintain an enterprise-wide information security policy –The IT company’s information security policy must be reviewed annually and shared with all stakeholders. This will maintain the basis for secure credit card processing. Alongside, there should be an annual risk assessment identifying all critical assets, threats, and vulnerabilities.

Does your credit card data service provider really need PCI-DSS certification?

Yes, it does! Tying up with an IT partner known for the most secure processing of credit card data brings numerous benefits to your business table. A PCI-DSS compliant partner not only helps you build better customer trust, but also arrests data breaches, threats, and losses.

A PCI-DSS compliant Zuora partner that keeps itself updated with the latest industry trends on payment data security is the perfect fit. The partner must be aware of the evolution of credit card data security over the ages. Watch this video by PCI Security Standards Council for a perspective.

The stringent security checks mandated by PCI-DSS ensure holistic payment card data security. With subscription economy on the rise, this can be a trailblazer for your subscription business.

A modernized subscription business ultimately is the key to the world of customer engagement.

Estuate is the first-ever Zuora partner to receive the PCI-DSS certification

We are the first global system integrator in the Zuora ecosystem to receive PCI-DSS certification. Numerous businesses around the world rely on us for the security and governance of their data, including payment and credit card information. The PCI-DSS certification is an added layer of protection to ensure the secure processing of credit card data.

Ensuring compliance with PCI-DSS is one of the strategic initiatives of our Zuora practice team. Over the past 9+ years, this group of Zuora-certified consultants has driven 400+ successful Zuora implementations worldwide.

To reach our Zuora center of excellence, click here.

Check all our certifications in detail, click here

Does pairing up with a PCI-DSS compliant IT partner sound smart to you? What else do you look for in a subscription platform enabler? Let us know on LinkedIn, Twitter, or Facebook. We would love to hear from you!
Prem Shankar Patel
Senior Manager
Prem brings nearly three decades of analytics and information management experience to Estuate. He is a recognized expert who has received several awards over the years. In 2003, he was awarded the Center of Excellence (CoE) Champion Award for introduction of advanced training and certification for BIDW architects and consultants. In FY03-04 and FY04-05, he received the Best Faculty of the Year Award for his significant and effective contribution as a faculty member in the delivery of BIDW training. Previously in 2005, he received the Feather in My Cap (FIMC) Award for defining metrics for BIDW projects and establishing organizational norms. Prior to joining Estuate, Prem worked in various strategic positions at Wipro Limited and R S Software (India) Ltd. He holds an M. Tech in Computer Science from the Indian Statistical Institute, Kolkata.
Nagaraja Kini
Founder and Chief Financial Officer
Nagaraja has more than two decades of engineering, business development, consulting, alliances and management experience in software development, integration and implementation. He has worked extensively with global teams to consistently simplify ERP implementations for businesses. Nagaraja brings with him the commitment, willingness, and capability to anticipate and act on the continually evolving needs of a business.
Prior to founding Estuate, Nagaraja served at Oracle as Director in Application and Industry Solutions group within Global Sales Support. Nagaraja holds a Master of Technology in Industrial Electronics from the National Institute of Technology, Surathkal, and a Bachelor’s in Engineering from the SJ College of Engineering, Mysore, India.
Nagaraja Kini
Founder and Chief Financial Officer
Nagaraja has more than two decades of engineering, business development, consulting, alliances and management experience in software development, integration and implementation. He has worked extensively with global teams to consistently simplify ERP implementations for businesses. Nagaraja brings with him the commitment, willingness, and capability to anticipate and act on the continually evolving needs of a business. Prior to founding Estuate, Nagaraja served at Oracle as Director in Application and Industry Solutions group within Global Sales Support. Nagaraja holds a Master of Technology in Industrial Electronics from the National Institute of Technology, Surathkal, and a Bachelor’s in Engineering from the SJ College of Engineering, Mysore, India.
Marc Hebert
Chief Operating Officer
Marc joined Estuate in December, 2008 as its first Chief Operating Officer. Marc is a recognized expert on offshore outsourcing. He has appeared on CNN’s Lou Dobbs Tonight, was interviewed in Investor’s Business Daily, and has been widely quoted in major media publications, including the Wall Street Journal, Forbes, Fortune, Financial Times, New York Times and Boston Globe on offshore outsourcing. He is recognized as an “IBM Champion” for his role in expanding the market for IBM’s Information Lifecycle Governance product line.
Prior to Estuate, he served in leadership roles at large global corporations, including as the CMO at Virtusa Corporation; EVP, Marketing and Alliances for Sierra Atlantic; and Vice President for eight years at Oracle Corporation. Marc holds a Bachelor of Science degree in experimental psychology from Harvard University, and an MBA from Stanford University.
Marc Hebert
Chief Operating Officer
Marc joined Estuate in December, 2008 as its first Chief Operating Officer. Marc is a recognized expert on offshore outsourcing. He has appeared on CNN’s Lou Dobbs Tonight, was interviewed in Investor’s Business Daily, and has been widely quoted in major media publications, including the Wall Street Journal, Forbes, Fortune, Financial Times, New York Times and Boston Globe on offshore outsourcing. He is recognized as an “IBM Champion” for his role in expanding the market for IBM’s Information Lifecycle Governance product line. Prior to Estuate, he served in leadership roles at large global corporations, including as the CMO at Virtusa Corporation; EVP, Marketing and Alliances for Sierra Atlantic; and Vice President for eight years at Oracle Corporation. Marc holds a Bachelor of Science degree in experimental psychology from Harvard University, and an MBA from Stanford University.
Seemakiran Upadhya
Global Delivery Head and Managing Director, India
Seemakiran brings to Estuate more than 25 years of experience in the IT industry. She has been successful in building high-performing teams for the Delivery, Sales, and Operations departments. She was instrumental in setting up Estuate’s India center. Prior to joining Estuate, Seemakiran worked at Satyam, where she developed, tested, and implemented software projects in Oracle Technologies across multiple domains. She is highly proficient at working with a global client base.
Seemakiran holds a Bachelor’s degree in Electronics & Communication Engineering from Karnataka University.
Seemakiran Upadhya
Global Delivery Head and Managing Director, India
Seemakiran brings to Estuate more than 25 years of experience in the IT industry. She has been successful in building high-performing teams for the Delivery, Sales, and Operations departments. She was instrumental in setting up Estuate’s India center. Prior to joining Estuate, Seemakiran worked at Satyam, where she developed, tested, and implemented software projects in Oracle Technologies across multiple domains. She is highly proficient at working with a global client base. Seemakiran holds a Bachelor’s degree in Electronics & Communication Engineering from Karnataka University.
Prem Shankar Patel
Senior Manager
Prem brings nearly three decades of analytics and information management experience to Estuate. He is a recognized expert who has received several awards over the years. In 2003, he was awarded the Center of Excellence (CoE) Champion Award for introduction of advanced training and certification for BIDW architects and consultants. In FY03-04 and FY04-05, he received the Best Faculty of the Year Award for his significant and effective contribution as a faculty member in the delivery of BIDW training.
Previously in 2005, he received the Feather in My Cap (FIMC) Award for defining metrics for BIDW projects and establishing organizational norms. Prior to joining Estuate, Prem worked in various strategic positions at Wipro Limited and R S Software (India) Ltd. He holds an M. Tech in Computer Science from the Indian Statistical Institute, Kolkata.
Prem Shankar Patel
Senior Manager
Prem brings nearly three decades of analytics and information management experience to Estuate. He is a recognized expert who has received several awards over the years. In 2003, he was awarded the Center of Excellence (CoE) Champion Award for introduction of advanced training and certification for BIDW architects and consultants. In FY03-04 and FY04-05, he received the Best Faculty of the Year Award for his significant and effective contribution as a faculty member in the delivery of BIDW training. Previously in 2005, he received the Feather in My Cap (FIMC) Award for defining metrics for BIDW projects and establishing organizational norms. Prior to joining Estuate, Prem worked in various strategic positions at Wipro Limited and R S Software (India) Ltd. He holds an M. Tech in Computer Science from the Indian Statistical Institute, Kolkata.
Sreekantha B. S.
Head Strategic Projects
Sreekantha brings to Estuate more than 33 years of experience in IT. He has successfully sold and delivered over 130 turnkey software projects worldwide for various clients across a variety of sectors - from software, finance, manufacturing, utilities, services, and more. Prior to joining Estuate, Sreekantha led Buzznet (a Malaysian software company) for 17 years and Inventa Corporation (a US-based software company having an office in Malaysia) for 6 years.
Through his experience, Sreekantha brings in-depth knowledge of software engineering, delivery, and implementation of software projects across all technology sectors that have emerged over the last 30+ years. Sreekantha holds a Bachelor of Engineering in Electronics & Communications from Mysore University and a Master of Business Administration in Marketing from Newport University, USA.
Sreekantha B. S.
Head Strategic Projects
Sreekantha brings to Estuate more than 33 years of experience in IT. He has successfully sold and delivered over 130 turnkey software projects worldwide for various clients across a variety of sectors - from software, finance, manufacturing, utilities, services, and more. Prior to joining Estuate, Sreekantha led Buzznet (a Malaysian software company) for 17 years and Inventa Corporation (a US-based software company having an office in Malaysia) for 6 years. Through his experience, Sreekantha brings in-depth knowledge of software engineering, delivery, and implementation of software projects across all technology sectors that have emerged over the last 30+ years. Sreekantha holds a Bachelor of Engineering in Electronics & Communications from Mysore University and a Master of Business Administration in Marketing from Newport University, USA.
Naveen Shankar
Associate Director – Talent Acquisition
Naveen is a seasoned professional in the field of Human Resources and brings to Estuate a rich experience of 14 years. He holds more than 12 HR-related certifications, including some in the space of Diversity & Inclusion. Over the years, he has been consistently recognized as a change maker in his respective organizations. Before joining Estuate, Naveen led ForthPage as the Director-Cofounder.
He has also worked with organizations such as General Electric, Time Inc., and Lumen Technologies in critical HR-centric roles. Naveen holds a Master of Business Administration from XLRI - Xavier School of Management, Jamshedpur.
Naveen Shankar
Associate Director – Talent Acquisition
Naveen is a seasoned professional in the field of Human Resources and brings to Estuate a rich experience of 14 years. He holds more than 12 HR-related certifications, including some in the space of Diversity & Inclusion. Over the years, he has been consistently recognized as a change maker in his respective organizations. Before joining Estuate, Naveen led ForthPage as the Director-Cofounder. He has also worked with organizations such as General Electric, Time Inc., and Lumen Technologies in critical HR-centric roles. Naveen holds a Master of Business Administration from XLRI - Xavier School of Management, Jamshedpur.
Piyush Singh
Practice Head - Insurance
Piyush has fifteen years of work experience, including one year with Estuate. Piyush holds a Master of Computer Applications degree from Bharati Vidyapeeth University, Pune. Piyush is a highly accomplished professional with a wealth of experience in IT services and product engineering. Piyush has worked with PwC and Accenture in the past and his last positions were Delivery Manager and Dev Lead respectively.
He has received the Great Performance award from PwC and the ACE award from Accenture. Piyush has also delivered many end-to-end projects on a medium to large scale.
Piyush Singh
Practice Head - Insurance
Piyush has fifteen years of work experience, including one year with Estuate. Piyush holds a Master of Computer Applications degree from Bharati Vidyapeeth University, Pune. Piyush is a highly accomplished professional with a wealth of experience in IT services and product engineering. Piyush has worked with PwC and Accenture in the past and his last positions were Delivery Manager and Dev Lead respectively. He has received the Great Performance award from PwC and the ACE award from Accenture. Piyush has also delivered many end-to-end projects on a medium to large scale.
Subbarao Satyavolu
Vice President - Service Delivery, Americas
Subbarao is a results oriented Senior Leader with 30+ years experience in Enterprise Solution Consulting, Enterprise Program Management, Digital Enterprise Transformation/IT Modernization, Product Engineering, Governance, Risk & Compliance (GRC), IT Service and Operations Management (ITSM/ITOM) and Strategic Account management. Global experience in building & managing high performing teams in solving complex business & technological challenges for the clients
Subbarao is a proven problem solver with extensive experience in the IT industry. He has been recognized as an outstanding performer by his employers, Hitachi/Sierra Atlantic and Computer Sciences Corp (CSC). Subbarao has also been certified in Six Sigma and Project Delivery Excellence by CSC University. In addition, Subbarao is certified in Supply Chain Management and IT Infrastructure Library (ITIL). He holds an M. Tech in Computer Aided Engineering from Indian Institute of Technology (IIT) Kharagpur.
Subbarao Satyavolu
Vice President - Service Delivery, Americas
Subbarao is a results oriented Senior Leader with 30+ years experience in Enterprise Solution Consulting, Enterprise Program Management, Digital Enterprise Transformation/IT Modernization, Product Engineering, Governance, Risk & Compliance (GRC), IT Service and Operations Management (ITSM/ITOM) and Strategic Account management. Global experience in building & managing high performing teams in solving complex business & technological challenges for the clients. Subbarao is a proven problem solver with extensive experience in the IT industry. He has been recognized as an outstanding performer by his employers, Hitachi/Sierra Atlantic and Computer Sciences Corp (CSC). Subbarao has also been certified in Six Sigma and Project Delivery Excellence by CSC University. In addition, Subbarao is certified in Supply Chain Management and IT Infrastructure Library (ITIL). He holds an M. Tech in Computer Aided Engineering from Indian Institute of Technology (IIT) Kharagpur.
Satya Bobba
SVP, Global Head of GRC and Customer Success
Satya Bobba brings more than 20+ years of experience in building market-leading enterprise SaaS products and solutions. Her experience spans engineering, cloud strategy, business development and customer success. Her passion is to help customers achieve GRC goals while simplifying their processes and reduce implementation costs. She brings more than 14 years of domain experience in building and delivering GRC solutions to top enterprise customers across Financial Services, Life sciences, Hi-Tech, Healthcare and Quality verticals.
Prior to joining Estuate, she worked at MetricStream as AVP Cloud Strategy, Global Head of Platform Engineering and Head of Advanced Engineering GRC Products and Services. Earlier in her career, at AOL and Netscape she held technical roles in enterprise server technologies and personalization frameworks. She has a bachelor degree in Computer Science from Andhra University.
Satya Bobba
SVP, Global Head of GRC and Customer Success
Satya Bobba brings more than 20+ years of experience in building market-leading enterprise SaaS products and solutions. Her experience spans engineering, cloud strategy, business development and customer success. Her passion is to help customers achieve GRC goals while simplifying their processes and reduce implementation costs. She brings more than 14 years of domain experience in building and delivering GRC solutions to top enterprise customers across Financial Services, Life sciences, Hi-Tech, Healthcare and Quality verticals. Prior to joining Estuate, she worked at MetricStream as AVP Cloud Strategy, Global Head of Platform Engineering and Head of Advanced Engineering GRC Products and Services. Earlier in her career, at AOL and Netscape she held technical roles in enterprise server technologies and personalization frameworks. She has a bachelor degree in Computer Science from Andhra University.
Prasanna Kulkarni
Vice President - Sales and Marketing
Prasanna is a seasoned Technology & Sales leader with over two decades of valuable global experience. Prasanna has been with Estuate for the past 5 years, leading the Sales and Marketing department with excellence. Prasanna holds a Bachelor of Engineering from GCoE, Amravati and a Stanford Advanced Program Management qualification from Stanford Center for Professional Development. Before joining Estuate, Prasanna held various leadership roles at HCL, Wipro, Nihilent Technologies, and Godrej.
Prasanna Kulkarni
Vice President – Global Sales and Marketing
Prasanna is a seasoned Technology & Sales leader with over two decades of valuable global experience. Prasanna has been with Estuate for the past 5 years, leading the Sales and Marketing department with excellence. Prasanna holds a Bachelor of Engineering from GCoE, Amravati and a Stanford Advanced Program Management qualification from Stanford Center for Professional Development. Before joining Estuate, Prasanna held various leadership roles at HCL, Wipro, Nihilent Technologies, and Godrej.
Stanley Perumala
Global Practice Delivery Lead
Stanley Perumala is the Global Practice Delivery Lead with 8.6 years at Estuate. He holds a Masters degree in Computer Science from International Technological University, which is his area of specialization. Stanley has 16 years of experience and has held various positions at Netpace, Cognizant and Hewlett-Packard. He has received multiple accolades for his achievements such as building an innovation segment with zuora and leading the BRM practice.
Stanley is a key contributor for the BRM practice, having built the team from the ground up and building the core team for the same.
Stanley Perumala
Global Practice Delivery Lead
Stanley Perumala is the Global Practice Delivery Lead with 8.6 years at Estuate. He holds a Masters degree in Computer Science from International Technological University, which is his area of specialization. Stanley has 16 years of experience and has held various positions at Netpace, Cognizant and Hewlett-Packard. He has received multiple accolades for his achievements such as building an innovation segment with zuora and leading the BRM practice. Stanley is a key contributor for the BRM practice, having built the team from the ground up and building the core team for the same.
Prakash Balebail
Founder and Chief Executive Officer
Prakash brings more than two decades of software development & implementation experience, including over 16 years in several key roles in Oracle Corporation. His management principle has been to provide commitment to continuously improve how he serves all of his customers, partners, and employees by anticipating their needs and exceeding their expectations through a culture of creativity & forward thinking.
Prior to founding Estuate, Prakash was the Senior Director in Oracle Applications Global Sales Solutions team, which built complex Oracle E-Business Suite application demonstrations for Sales activities. Additionally, he had leadership roles in the development of Oracle’s much-acclaimed Business Flow Accelerator (BFA) for the E-Business suite. During this time, Prakash also built the highly-regarded India operations team from the ground up. Prakash holds a BS in Electrical Engineering from Karnataka University in India.
Prakash Balebail
Founder and Chief Executive Officer
Prakash brings more than two decades of software development & implementation experience, including over 16 years in several key roles in Oracle Corporation. His management principle has been to provide commitment to continuously improve how he serves all of his customers, partners, and employees by anticipating their needs and exceeding their expectations through a culture of creativity & forward thinking. Prior to founding Estuate, Prakash was the Senior Director in Oracle Applications Global Sales Solutions team, which built complex Oracle E-Business Suite application demonstrations for Sales activities. Additionally, he had leadership roles in the development of Oracle’s much-acclaimed Business Flow Accelerator (BFA) for the E-Business suite. During this time, Prakash also built the highly-regarded India operations team from the ground up. Prakash holds a BS in Electrical Engineering from Karnataka University in India.
Geetha Somayaji
Vice President Finance & Human Resources
Geetha brings over two decades of experience to Estuate in her role as an accomplished leader of Finance and Human Resources. Since joining the company in 2011, she has been instrumental in developing the financial infrastructure of the company alongside the founders, and she has come to be known a a cherished mentor to many within the organization. Geetha holds a Bachelor’s of Business Administration and Accountancy from Bangalore University, India.
Prior to her role at Estuate, she worked in payroll processing and tax returns for Gene's Fine Foods and Jay's Tax & Keeping Services. In her personal time, Geetha enjoys exploring the outdoors and spending quality time with her family.
Geetha Somayaji
Vice President Finance & Human Resources
Geetha brings over two decades of experience to Estuate in her role as an accomplished leader of Finance and Human Resources. Since joining the company in 2011, she has been instrumental in developing the financial infrastructure of the company alongside the founders, and she has come to be known as a cherished mentor to many within the organization. Geetha holds a Bachelor’s of Business Administration and Accountancy from Bangalore University, India. Prior to her role at Estuate, she worked in payroll processing and tax returns for Gene's Fine Foods and Jay's Tax & Keeping Services. In her personal time, Geetha enjoys exploring the outdoors and spending quality time with her family.