Client Overview
Data Communications Management (DCM) is a leading provider of marketing and business communications solutions, helping enterprise organizations manage print, digital, and regulated communications at scale. With complex infrastructure, customer-facing systems, and PCI-regulated environments, DCM requires dependable security and compliance partners that can support both operational demands and evolving audit requirements.
The Challenge
How a Busy Team Efficiently Maintains PCI Compliance
For more than a decade, DCM has relied on Halo Security to support its PCI compliance and external security testing initiatives. As DCM's security program matured and expanded, the company needed a trusted partner that could provide consistent PCI ASV scanning and penetration testing, both with remediation guidance, without creating additional overhead for their busy internal team.
Over the years, DCM continued to build a more structured governance and security model designed to separate operations, standards, and auditing responsibilities. But with a small team balancing infrastructure, compliance, governance, and risk management, responsiveness and supplemental expertise made a big difference.
DCM also needed confidence that critical internet-facing systems were being validated independently alongside their broader MDR and managed risk programs.
"We use both Halo's PCI ASV services and their penetration testing services. They are an important second layer of validation," Herbert Tai, DCM's director of information security architecture, explained.
The Solution
A Responsive PCI ASV and Security Partner
DCM uses Halo Security for PCI ASV scanning and annual penetration testing across key environments. Over the years, Halo has become more than a vendor—it has become an extension of DCM's security team.
According to Herbert, the biggest differentiator is the people behind the platform. "It's the team," Herbert shared. "Halo is very responsive. They take the time to understand our environment and how we operate. They always come back with great advice and never hesitate to jump in and help."
Unlike vendors that simply deliver scan results or generic recommendations, Halo provides direct, actionable remediation guidance that helps DCM resolve issues faster and with greater confidence.
"Most vendors will tell you what the best practice is, but they stop there," Herbert said. "Halo points directly to the root of the problem and gives very specific remediation suggestions. They're honest, practical, and extremely helpful."
The continuity of the Halo team has also become a major advantage for DCM. Working with the same engineers year after year means less time re-explaining environments, faster troubleshooting, and more efficient testing cycles.
"We deal with the same people consistently, and that saves us a tremendous amount of time," Herbert explained. "They already know our history, our systems, and our environment."
The Results
Faster Response, Stronger Guidance, and Long-Term Confidence
As DCM's security and compliance responsibilities expanded, including additional PCI-regulated environments following a corporate merger, Halo continued to provide dependable support and flexibility.
Beyond responsiveness, DCM values Halo's practical, no-nonsense approach to reporting and remediation. Rather than overwhelming teams with inflated findings or excessive filler, Halo focuses on helping customers understand risk clearly and take meaningful action.
"Halo helps make the PCI compliance process easier. Halo explains the results in a way that helps us actually solve problems," Herbert said. "That guidance is included as part of the relationship, not treated as an extra consulting charge like many other companies."
After more than 10 years working together, DCM continues to rely on Halo because of the combination of technical expertise, consistency, responsiveness, and trusted partnership.
"If someone asked me for an ASV scanner or penetration testing provider, I would absolutely recommend Halo," Herbert said. "We've worked with them for over a decade and have always had a great experience."
The Halo Difference: PCI Compliance Support with US-Based Remediation Guidance Included
Halo is a PCI Approved Scanning Vendor that makes compliance faster and easier by helping you quickly remediate any issues.
- See details and clear remediation guidance on every issue that's detected.
- Easily assign and track remediation progress.
- Connect with our US-based support for fast remediation advice and guidance.
