Welcome PROSA, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, PROSA CISO Valther Galván Ponce de León introduces us to his company and how they are helping to shape the future of payment security.
Lea o escuche en español aquí.
Tell us about your company.
PROSA is the leading electronic payment processor in Mexico and among the top ten in Latin America. Its switch processes over 10 billion transactions annually, benefiting over 70 million credit and debit card users. For over five decades, it has positioned itself as a leading technology company in developing innovative, secure, and intuitive digital solutions that create better experiences for clients and users of the Mexican financial system while maintaining high service availability. Our infrastructure and security are certified by PCI DSS, PCI PIN, ISO 9001:2015, and ISO 27001:2013.
Why did your company decide to become a Principal Participating Organization?
Our decision to become a Principal Participating Organization (PPO) is driven by several key factors that reflect our commitment to security in the payment media industry. Firstly, as a PPO, we can function as a benchmark in our sector, driving the adoption of robust measures and controls to strengthen the security of all participants and users within the financial ecosystem. This position allows us to not only influence but also actively contribute to the development of more effective security practices in the industry.
Furthermore, as a company, we are firmly committed to protecting the information of credit and debit cardholders. We strive to ensure the security of transactions and prevent fraud by implementing robust strategies for the early prevention and detection of fraudulent activity. Our approach aligns with the highest security and quality standards, and collaborating with the PCI Security Standards Council provides us with the ideal forum to advance this essential mission. Being at the forefront of security practices and actively participating in the dialogue and development of global standards is a fundamental part of our philosophy and operations.
Which benefits are you most looking forward to as a Principal Participating Organization?
As a leading company in the payment media sector, PROSA profoundly values supporting operations under the highest security standards. Membership in the PCI Security Standards Council reaffirms our unwavering commitment to fraud prevention, and we eagerly anticipate the substantial benefits of this membership.
One of the most valuable aspects of being a PPO is the unique opportunity to share and learn from the best security practices among the member entities. This exchange of knowledge and experience is crucial for enriching our understanding and continuously improving our security strategies.
Moreover, this partnership significantly increases the trust of our clients and their users. Supplying services backed by world-class security protocols reinforces our commitment to data protection and transaction integrity.
Finally, being a PPO enables us to intensify our efforts to enhance security controls and measures. Having direct access to the latest trends and developments in global security services equips us better to protect the information of credit and debit cardholders and proactively anticipate emerging challenges in information security.
Why is it important for companies to get more involved with the PCI Security Standards Council, especially at the Principal Participating Organization level?
Our interest in being a benchmark in the electronic payments sector is strong, and we aspire to have more companies recognize the benefits of certifications and the knowledge that the PCI Security Standards Council can bring to their organizations. This, in turn, translates into benefits for their customers and users of credit and debit cards, especially in terms of information security.
Furthermore, as active members of the Council, we aim to promote security certifications. These certifications supply more significant opportunities for companies to conduct transactions securely and reliably, using high-quality security protocols. We aim to foster a safer and more protected environment in the electronic payment ecosystem, helping the entire industry and its users.
What are some payment security topics that you’re interested in collaborating on?
One key topic we are interested in collaborating on is integrating security into the software development cycle. It is essential to address how the scope of PCI extends into adopting cloud technologies, especially in a context where technological advances and trends are pushing companies towards applications hosted in digital environments. There are still opportunities to improve efficiency in protecting the data of financial system users.
In addition, it is crucial to create and keep sustainable long-term security processes. These processes should encourage companies to adopt and maintain the highest security standards.
Finally, we want to contribute to our sector with our ability in cryptography and PCI PIN compliance by our issuers and acquirers. We are convinced that exchanging knowledge and experiences in these areas can significantly strengthen payment security.