While not new to the Council, current Board of Advisor member MagicCube is now a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, MagicCube’s co-founders Nancy Zayed, CTO, and Sam Shawki, CEO, introduce us to their company and how they are helping to shape the future of payment security. Welcome, MagicCube!
Tell us about your company.
The company offers a unique way to enable secure payment transactions by leveraging its virtual Trusted Execution Environment (vTEE), leading the Software Defined Trust (SDT) category. MagicCube's vTEE enables secure, large-scale deployment and management of solutions without the cost, complexity, and constraints of legacy hardware secure elements, such as SIM cards and HSMs.
Why did your company decide to become a Principal Participating Organization?
Becoming a PPO demonstrates our unwavering commitment to data security and customer trust. By aligning ourselves with the PCI Security Standards Council, we show our dedication to upholding the highest security standards in the industry. This sends a powerful message to our partners, stakeholders, and customers that we prioritize their data protection and privacy. As a PPO, we get to work within PCI SSC to create invaluable resources and guidance and share our own learning and expertise in the payments security field with the rest of the ecosystem. The PPO framework helps push practical innovation that enables us to stay at the forefront of emerging security threats, comprehend the latest compliance requirements, and implement best practices effectively. By leveraging the insights provided by the PCI SSC, we can fortify our security infrastructure, proactively identify vulnerabilities, and ensure the safeguarding of both our organization's information and that of our valued customers.
Which benefits are you most looking forward to as a Principal Participating Organization?
Becoming a Principal Participating Organization will position MagicCube as a proactive and forward-thinking business as regulatory requirements and customer expectations around data security continue to evolve. The opportunities to influence and collaborate, as well as expand knowledge, are paramount to a secure and well-balanced ecosystem. By aligning ourselves with the PCI SSC, we demonstrate our readiness to meet and exceed the heightened security demands of the industry. This commitment helps solidify our brand image as a trusted and responsible organization, instilling confidence in our clients and prospects. We look forward to working as a PPO with PCI SSC to ensure that payment security is achievable for all players of all sizes.
Why is it important for companies to get more involved with the PCI Security Standards Council, especially at the Principal Participating Organization level?
The PPO program shows PCI SSC’s commitment to offering new seats at the table to make sure that it is representative of the many types of players in the fintech and payment industries. As such, the program offers numerous advantages for our company.
What are some payment security topics that you’re interested in collaborating on?
MagicCube is interested in collaborating on the topics below and open to engaging in other relevant discussions:
- Fraud Prevention and Detection: Collaborating on strategies and technologies to prevent and detect fraudulent activities in transactions, including the development/sharing of fraud detection tools, machine learning algorithms, and best practices for fraud mitigation.
- Secure Payment Applications and Solutions: Collaborating on the development and certification of secure payment applications and solutions, including mobile payment apps, point-of-sale (POS) systems, and e-commerce platforms. This involves sharing insights on secure coding practices, secure software development lifecycles, and threat modeling.
- Compliance with Regulatory Standards: Collaborating on understanding and implementing regulatory requirements related to payment security, such as the Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR), and other regional or industry-specific regulations.
- Emerging Technologies and Innovations: Exploring and collaborating on the security implications of emerging technologies.
- Security Awareness and Training: Collaborating on security awareness programs and training initiatives to educate employees, partners, and customers about payment security best practices.
- Ransomware Defenses: Ransomware is yet another form of cyberattack that extends beyond payments. From our vantage point, we see that other industries follow the lead of PCI SSC when it comes to security. We hope to be able to collaborate within PPO and PCI SSC as a whole to highlight and focus more resources and attention on ransomware.