Open Finance in Colombia:

PCI DSS and information security compliance with External Circular 004 of 2024 of the SFC (Financial Superintendence of Colombia)

In emerging financial ecosystems such as fintechs and technology startups, where we act as third-party data recipients (TRDs), data security and regulatory compliance are critical to success and customer trust. The Financial Superintendence of Colombia (SFC) recently issued External Circular 004 of 2024, which establishes the rules and standards for open finance in Colombia.

Among the security requirements, one stands out: holding certification against the PCI DSS standard (Payment Card Industry Data Security Standard), signed off by an entity that holds the category of QSA (Qualified Security Assessor) and supported by the AoC document (Attestation of Compliance).

And that's right there where the challenges begin... 🥵🥵

Just thinking about starting and carrying out a PCI DSS compliance and certification process in a company can be overwhelming; it is a challenge with no clear end date. From the outset it is difficult to understand and apply the requirements of the standard, both in the infrastructure that protects the information and in the company's processes, especially for companies or startups with no prior experience in information security applied to PCI DSS.

Among the biggest challenges in obtaining the long-awaited AoC, there are several factors to weigh; it is not just the seemingly endless economic cost, together with the technological infrastructure. There is also the time, the definition of the certification scope, the vulnerability scans, the follow-up sessions, the collection of evidence, the personnel and all the resources needed to prepare the documentation that demonstrates continued compliance with the standard.

But what happens if I don't comply with the circular and PCI DSS?... 🤔🤔🤔

The consequences of non-compliance can be serious for financial institutions: service disconnections with forced cancellation of contracts, significant financial penalties, and even the loss of customers and reputation are just some of the possible ramifications.

These risks are especially pronounced in the context of PCI DSS, where penalties can reach exorbitant figures and directly affect the viability of a company.

With this in mind, I want to present an innovative solution to the PCI DSS challenge: you get certified in weeks 💡💡💡

This model allows you to reduce the PCI DSS scope by up to 90%: you fulfil only 1 of the standard's 12 requirements for Level 1 and Level 2 certifications (we take care of the rest).

Investment, costs and dedicated effort are also reduced; and, most importantly, the risk and related fraud are reduced. In this way you can comply with the SFC circular and focus on your core business.

PCI DSS fulfilling only requirement 12 🤩🤩🤩

Faced with these challenges, Nebula Banking presents an innovative solution to help fintechs and startups comply with PCI DSS requirements quickly, efficiently and cost-effectively.

After achieving Level 1 certification for two consecutive years, investing thousands of dollars each time, and having completed successful Level 2 certifications for several payment gateways, I can tell you with confidence: this is what your company needs!

These are the key features of our solution ✅

Issuance of the AoC: Under External Circular 004 of 2024, you absolutely need your AoC to be in compliance. With our solution, you will obtain this document quickly and before the deadline stipulated by the SFC.

PCI DSS Scope Reduction: Our exclusive methodology allows you to reduce the PCI DSS scope by up to 90%, minimizing the operational burden and simplifying the implementation of security measures. You only have to comply with requirement 12 of the standard (the information security policies your company must implement to be PCI DSS certified).

Cost Reduction: With our innovative approach, the investment and costs associated with PCI DSS compliance are significantly reduced, allowing companies to allocate additional resources to their core business (“cobbler, stick to your last”).
