Welcome Cielo, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, Cielo’s CISO Glauco Sampaio introduces us to his company and how they are helping to shape the future of payment security.
Tell us about your company.
Cielo is a technology and services company, and we are a reference in the electronic payments segment in Latin America. We want to change the market and payment methods are the gateway to various intelligent and interconnected services. We offer a portfolio of solutions to meet the needs of our thousands of customers, from individual entrepreneurs to large retailers across the country. We believe that no business was born to stand still, and our job is to awaken that same feeling in each of our customers. Cielo is a reference in the payment industry in Brazil, helping merchants to stay connected with their consumers, tailoring new products and services in line with their business needs and offering free online training to give them the opportunity to increase their maturity and move forward with the digital transformation.
Why did your company decide to become a Principal Participating Organization?
We decided to become a Principal PO because we want to have an active voice in the Council to continue transforming the payment chain in the Brazilian and Latin American markets. We've been working with the Council and payment card brands for over a decade to encourage our providers, partners, and customers to develop secure applications and devices to make the user experience safer. This is the reason why we became a Principal PO. Increasing our participation to Principal PO seemed so natural to us because that is exactly what our customers expect from Cielo: active participation in the Council in defense of interests common to all.
According to recognized fraud mapping institutes, Brazilian e-commerce recorded 5.6 million fraud attempts during the first half of 2023. This scenario motivates us, alongside the PCI Security Standards Council, to dedicate even more efforts to mitigate this occurrence in the country, reinforcing security protocols and improving our security solutions through our regional understanding and international expertise.
Which benefits are you most looking forward to as a Principal Participating Organization?
In a nutshell, collaboration and influence is what we expect from becoming a Principal Participating Organization. We are a reference in electronic payments in Latin America and have contributed to the development of our market by embracing security as our main cause. In addition to participating in PCI SSC groups, we also see as a benefit the opportunity to expand the knowledge of our specialists through awareness training for ISA internal assessors and PCI Professionals. The material made available by PCI SSC is an important tool to empower our security team.
Why is it important for companies to get more involved with the PCI Security Standards Council, especially at the Principal Participating Organization level?
The most relevant point of participating in PCI SSC programs, especially the PPO, is being able to help decide on the future of security standards that impact our business. The Latin American market has unique characteristics that need to be treated with exclusive approaches so that everyone can deal with payment security in the best possible way.
What are some payment security topics that you’re interested in collaborating on?
We would like to work with emerging technologies involving mobile payments to prepare ourselves to deal with possible threats from these devices. This is important because, historically, consumers have been instructed not to use unknown computers and not to type their passwords on such equipment. The creativity of fraudsters and the large number of frauds in the global market have caused friction in the use of new payment devices.