Evolving Secure Software Lifecycle and Becoming a pioneer in achieving PCI Secure SLC standard

Verifone MVD is a pioneer for Latin America in achieving compliance accreditation for the PCI Secure SLC Standard, which is part of the new PCI Software Security Framework (PCI SSF).

Foregenix assisted Verifone in implementing the security controls within their software lifecycle process. Now, we proudly share the achievement of being the first Secure SLC-Qualified Software Vendor in the region.


First Validated PCI Secure SLC in LATAM


Months of preparation for validation


More than 10.4B of transactions annually



Verifone logo



Payment Services


Montevideo, Uruguay


PCI  SSF Software Security Framework

Secure Software Lifecycle - PCI Secure SLC




About Verifone

Verifone is an organization that securely develops payment services and software within a payment ecosystem that mainly includes devices (POS), payment gateways, e-commerce solutions, acquiring, and issuing.

The challenge

Qualifying compliance to a security standard such as the PCI Secure SLC is a challenge that requires a shift in mindset and execution approaches. It is necessary to redirect the strategy to focus on structuring the security controls within the software lifecycle. This implies reconsidering existing processes from the perspective of software security governance and security assurance.

Under this new approach, we have identified the need to redesign our ticket creation system by segmenting requirements into specific boards. This allows us to have an instant overview of priorities in our secure software lifecycle.

Our clients demand compliance accreditations as part of their requirements in Requests for Quote (RFQ). Being qualified is crucial when choosing us.

The solution

Foregenix has been our trusted companion when it comes to PCI discussions, from previous certifications like PCI PA-DSS in its various versions to the latest PCI Software Security Framework. They have always been by our side to accelerate adoption and compliance.

Throughout the journey, we have received the appropriate level of support in terms of understanding the Program Guide and the necessary forms to validate our compliance. Having an advanced knowledge of the standards is crucial to meet the requirements, and in this regard, our Foregenix consultant has provided us with support, assisting us in interpreting the guidelines for proper implementation.

We understand that the PCI Secure SLC standard incorporates the best practices from previous standards and significantly simplifies the process through 10 control objectives. We are gratified by the results we have accomplished.

“Rethinking existing processes is always beneficial in seeking improvements within the process itself, potentially eliminating inefficiencies and introducing elements that contribute to the secure software lifecycle."

Pablo Fraga

Software Development Manager

Verifone MVD