
Building PCI DSS compliance from scratch


THE COMPANY
Deliberate approach to building trust in fintech
GoMobi is a fintech platform operating under the regulatory oversight of Malaysia. As a company, they embed security deeply into their operations. However, proving this through a compliance certification was essential.
THE CHALLENGE
Achieving PCI DSS without prior compliance experience
Since GoMobi was not compliant with any industry framework to begin with, there was a steep learning curve involved. This meant re-evaluating its security posture from the ground up.
- Setting up compliance operations from scratch: With no clear roles established or policies approved across departments, there were gaps in ownership.
- Time-draining manual collection of evidence: Teams had to manually track evidence submissions and validity, increasing complexity and the likelihood of inaccuracies.
- Reactive approach to remediating issues: Gaps in monitoring the overall security and compliance posture meant that there were delays in fixing any issues coming up.
- Avoiding short-term tick-the-box compliance: GoMobi did not want to achieve certification as a stamp of approval, but instead tailor its processes to sustain it continuously to build trust.
THE SOLUTION
Built-in expertise, automation, and audit readiness
With Scrut’s unified platform to manage policies, automate evidence collection, and prepare confidently for audits, GoMobi quickly transitioned to a structured, audit-ready compliance program.
POLICY MANAGEMENT
Consolidated compliance monitoring and management
Scrut’s central dashboard allowed HR, IT, and governance teams to collaborate seamlessly. Policies were created easily using the in-line editor and auditor-vetted templates, and automated recurrence schedules for reviewing and updating policies were set up. Employee policy acceptance was streamlined with timely automated reminders, with collaboration enabled by the platform’s task management capability. Lastly, detailed audit logs tracked every action in real time, giving comprehensive visibility during audits.

CLOUD TEST MONITORING
Automated cloud scans and evidence collection
Scrut’s multi-cloud integrations helped enforce role-based access controls and monitor cloud security across AWS and Azure AD. Daily automated scans flagged potential vulnerabilities in real time, and automated metadata remediation enabled such issues to be closed swiftly. Evidence collection from across the tech stack was also automated: code repositories and MDM were routinely scanned to pull in evidence in the required format. Further, the dashboards provided comprehensive visibility into current gaps and progress.

AUDIT CENTER
End-to-end audit preparation and support
Scrut’s expert infosec team, with over 50 years of combined experience, provided extensive support in creating and managing compliance documentation. Corrective actions were closely tracked and implemented via the platform, and any other compliance gaps or vulnerabilities were promptly identified and mitigated. Structured guidance throughout the audit preparation process helped GoMobi enter the certification phase with confidence, knowing that all necessary controls and the 12 core requirements of PCI DSS were robustly in place.

THE IMPACT
Strengthening security maturity for long-term fintech growth
- Improved security alignment across departments: Scrut’s methodical approach and intuitive platform led to an organization-wide culture of compliance and accountability, resulting in better cross-functional operations.
- Comprehensive visibility of compliance progress: Proactive tracking of compliance, from cloud controls to evidence and audits, led to greater transparency into progress and gaps and ensured that appropriate steps were taken to maintain continuous compliance.
- Reduced overhead, increased compliance maturity: GoMobi avoided the additional tooling cost of a separate HRMS by using Scrut to automate employee access control, policy acknowledgment tracking, and security trainings.
- Future-proofed compliance for scalable growth: Pursuing PCI DSS with a methodical, security-first approach has laid the foundation for sustainable growth. This aided market expansion, especially across regulated geographies.
“We were building from scratch. Scrut gave us the playbook to roll out compliance operations across teams without the chaos. Everything from policy to evidence to even security trainings was streamlined to an extent we did not think was possible.”
Nandakumar Rangasamy
Engineering Lead & India Site Leader, GoMobi