Moto Case Study


Client: Moto

Title: Moto Payment Card Industry Data Security Standard

Our Services: PCI DSS

The challenge

Moto are the largest Motorway Service Area (MSA) operator in the UK, providing retail, hospitality and rest areas for the UK Motorway traveller.

Moto currently service 126 million transactions per annum, with their market share being 43.5%, which is double that of any other competitor.

Moto approached Gemserv to assist them with their annual Payment Card Industry Data Security Standard (PCI DSS) assessment for January 2013.

Our approach

The initial engagement involved our Qualified Security Assessor (QSA) working closely with the Moto team in reviewing the PCI scope for completing a version 2.0 Self-Assessment Questionnaire (SAQ) C. Through sampling a number of onsite assessments, the Gemserv QSA observed and reviewed evidence with Moto stakeholders, demonstrating to the QSA that Moto were compliant with PCI DSS. This then enabled our QSA to produce the Attestation of Compliance (AoC), which was reviewed with Moto management and subsequently signed off by both parties.

Since the Moto 2013 assessment, Gemserv have provided further PCI consultancy for the Moto migration to version 3.0 of the PCI DSS. This proactive approach allowed Moto to understand their perceived position with the additional 3.0 controls, and highlighted areas that would need remediation and the additional resource to address them.

Following this initial engagement Moto and Gemserv have built strong relationships and forged a partnership that sees them continue to work together.

The outcome

After a significant rise in the number of card transactions being processed through the Moto PED estate, Moto were elevated to a Tier 1 Merchant by their Acquirer. The Moto estate is therefore required to have a more in-depth review, involving a full QSA-led assessment and ultimately leading to a Report on Compliance (RoC).

Through working with Moto, our consultants have helped them to understand the impact resulting from the change in assessment process, and the need for a review of the network and associated control functions and support which is outsourced to a third party.

This ongoing consultation and the close working relationships Gemserv have built with the key Moto stakeholders have helped Moto progress their PCI project. In addition, Gemserv have provided support and training for the Moto team and their key third-party supplier in preparation for the 2016 assessment. Our involvement and input into the overall project work tasks have enabled them to get an extension to their annual reassessment date with the Acquirer.
