Client Story · Payments Security · Since 2005
Two decades processing payments. Zero breaches.
GroupISO is a credit card processing ISO — and OCMSP's oldest client. Handling cardholder data and PII makes them a constant target for attacks and spear phishing. For nearly two decades, OCMSP's layered defense has kept them breach-free while others in payments got hit.
Client network
Security Posture
- Endpoint protectionActive
- Data backupsVerified
- HIPAA / PCI complianceMonitored
- After-hours support24/7/365
The challenge
A prime target that can't afford a breach
A credit card processor sits on cardholder data and PII, which makes it one of the most attacked kinds of business there is — from network intrusions to spear phishing aimed straight at the staff.
Cardholder data under PCI-DSS scope
As a credit card processing ISO, GroupISO handles cardholder data and PII every day — squarely inside PCI-DSS scope. A single compromise could be catastrophic for their business and everyone they process for.
A constant target
Payment processors are among the most attacked businesses on the internet. GroupISO faces a steady stream of intrusion attempts, malware, and probing — around the clock.
Spear phishing aimed at the staff
Attackers don't just hit the network — they target the people. GroupISO is regularly hit with spear phishing campaigns engineered to trick specific employees into handing over access.
Devices that don't belong
In a real business, personal and unmanaged devices show up on the network. Any one of them could arrive already compromised and carry a threat straight past the perimeter.
What OCMSP delivered
Layered defense that contains anything
OCMSP built GroupISO's security so no single failure becomes a breach — segmentation to contain, detection to catch, and training to keep the people sharp.
Segmentation that supports PCI-DSS
OCMSP architected GroupISO's network into tightly segmented zones — reducing the cardholder-data environment and its PCI-DSS scope, so if anything is ever compromised it stays contained instead of spreading across the business.
Endpoint detection that catches the unknown
When a compromised personal PC was connected to the network under BYOD, OCMSP's systems detected it immediately and cut it off before it could touch anything — exactly as designed.
Monthly security awareness training
Because people are the front line against phishing, OCMSP runs security awareness training for GroupISO's staff every month — keeping the team sharp against evolving spear phishing tactics.
Defense in depth
Segmentation, endpoint monitoring, and trained users layer together so no single failure becomes a breach. Redundant controls back each other up around sensitive payment and PII systems.
Monitoring aligned to PCI-DSS
OCMSP watches GroupISO's environment continuously — the kind of logging, monitoring, and rapid response PCI-DSS calls for — ready to detect and isolate threats the moment they appear instead of after the damage is done.
A 20-year security partnership
GroupISO has been an OCMSP client since 2005. Two decades of hardening, tuning, and vigilance have kept them secure while peers in the payments space have been breached.
The engagement
How we keep GroupISO secure
Understand the risk surface
We mapped where cardholder data and PII live, how they move, and every path an attacker could take toward them.
Segment and harden
We architected a heavily segmented network with layered controls so any compromise stays localized and contained.
Train the people
We run monthly security awareness training so GroupISO's staff can recognize and resist the spear phishing aimed at them.
Monitor and respond
We watch the environment continuously — detecting and isolating threats, like the compromised BYOD PC, the instant they appear.
Case study FAQ
How OCMSP protects GroupISO
Who is GroupISO?
GroupISO is a credit card processing company — an ISO (Independent Sales Organization) — and OCMSP's oldest client, with a partnership dating back to 2005. Owned by Mike and Heidi Segura, GroupISO handles cardholder data and PII, which makes cybersecurity mission-critical to their business.
How has GroupISO stayed breach-free for two decades?
Through layered defense. OCMSP heavily segments the network so any compromise stays contained, runs endpoint detection that catches unmanaged and compromised devices, and trains staff every month against spear phishing. Together these controls have kept GroupISO secure since 2005 — even as other payment processors have been breached.
What happened when a compromised device was connected?
A personal PC was brought in and connected to the network under a bring-your-own-device scenario. It was already compromised — and OCMSP's systems detected it immediately and disconnected it from the network before it could reach anything sensitive. That's endpoint detection and network segmentation working exactly as designed.
Why does a payment processor need this level of security?
Because processors hold cardholder data and PII, they're constant targets for intrusion attempts, malware, and spear phishing. A single breach can be devastating. OCMSP's job is to make sure that even when attackers get a foothold, they can't get anywhere — and to keep the human front line trained against the attacks aimed at them.
How does OCMSP support GroupISO's PCI-DSS compliance?
Handling cardholder data puts GroupISO squarely in PCI-DSS scope. OCMSP builds and maintains the technical controls that underpin those requirements — network segmentation to shrink the cardholder-data environment, endpoint protection, continuous logging and monitoring, and regular security awareness training. That gives GroupISO a hardened, well-documented security foundation to meet its PCI-DSS obligations year after year.
Can OCMSP protect other regulated, high-risk businesses?
Yes. The same discipline that has kept GroupISO breach-free for 20 years protects law firms, medical practices, and financial offices across Orange County — network segmentation, endpoint detection, security awareness training, and continuous monitoring built around sensitive data and compliance requirements.
Handle sensitive data?
If OCMSP can protect a payment processor, we can protect you
From payment processors to law, medical, and financial offices, OCMSP builds security that contains threats before they become breaches. Book a free assessment and we'll map exactly where you stand.
