Case Study: PCI Achieves Continuous Compliance and 80% Automated Application Assessment with Veracode

Large Financial Services Firm Passes Its PCI Audit— and Implements an Ongoing Governance Program to Continuously Reduce Enterprise Risk

A large financial services firm sought Veracode's help to pass a PCI audit with a one-time assessment project. The firm originally planned for a fragmented, ad hoc approach but, after meeting with Veracode, realized it needed an ongoing governance program to continuously reduce risk from its web and third-party applications and ensure lasting compliance.

Veracode implemented its cloud-based service and policy-based approach, which included documenting applications, integrating security into the software development lifecycle, and training developers. The results were significant: the firm passed its PCI audit in three months, automatically assesses 80% of its applications, identified and trained 122 developers, and expanded its program to cover many more business-critical applications, doubling its coverage. Veracode's solution transformed the firm's approach from a one-time project into a strategic, scalable program.

PCI