Putting together the puzzle to achieve PCI Secure Software Standard

D-TEF da Linx/StoneCo Ltd is the first company in Latin America to obtain compliance with the PCI Secure Software Standard, part of the PCI Software Security Framework (PCI SSF).

Foregenix played an active part in their assessment process, guiding the team through the untouched paths of the new PCI requirements.


First Validated Payment Software in LATAM


Secure Software Standard v1.1





POSI Tecnologia | Desenvolvendo soluções inteligentes

Linx/StoneCo Ltd


Software Development




PCI  SSF Software Security Framework

Secure Software Standard


About Linx/StoneCo Ltd D-TEF 

Linx's goal is to provide end-to-end solutions for the retail industry. Linx/StoneCo Ltd leads the payment industry with their solution D-TEF, software for processing electronic payment transactions.

Understanding the challenges of processing payment data, Linx is fully committed to meeting security and regulatory standards in order to ensure the security of their clients' businesses.

The Challenge

In order to ensure the security of their clients' businesses, Linx faces the challenge of staying up-to-date with the latest threats and techniques for mitigating them. The assessment process and interpretation of requirements for the new standard proved to be a challenge for Linx's R&D team, but with the support of Foregenix as the assessor and the commitment of Linx's technology and security teams, they were able to overcome the difficulties and achieve certification.

The assessment process allowed Linx to delve deeper into technical issues that had a great impact on our solutions. It allowed Linx to identify gaps and improve our technology through the evolution of the technical solutions we apply. This allowed Linx to improve their documentation, streamline their processes, and improve their cybersecurity posture.

The Solution

Software security is a pillar for Linx. In each development process, they seek efficiency to deliver quality and secure software to their customers. By obtaining the PCI Secure Software validation, Linx is able to demonstrate the reliability of their software solutions to customers and the market. Linx customers can be confident and trust them with their needs.

D-TEF has been assessed by a Secure Software Assessor to confirm adherence to the PCI Secure Software Standard. The assessment and validation are documented by the Secure Software Assessor in a Report on Validation (ROV) and confirmed by the PCI Software Security Council by including D-TEF to the list of  Validated Payment Software.

The experience with Foregenix was exceptional. Our assessor actively helped us understand the standard and its particularities, adopting the necessary solutions to adapt our processes and documentation to the new standard requirements.

“Foregenix is ​​one of the few companies with a presence in Brazil that is capable of certifying for this new standard created by the Council, which led us to this contact that, during the negotiations, proved to be productive and very advantageous for the objectives we intended to achieve.

Thanks to Foregenix for all the support, you were instrumental in this achievement and we are very grateful for all your dedication to this project. As we already mentioned, it was a painstaking discovery job, where you were able to extract the necessary information and put together the puzzle that was the PCI Secure Software Standard.

Thank you so much for everything!"

Maicon Barboza