GLOBAL PAYMENT SERVICE PROVIDER ACHIEVES PCI COMPLIANCE AND PROTECTS THE DATA OF THEIR CUSTOMERS VIA TOKENIZATION

This American multinational payment service provider offers one of the most advanced and ubiquitous payment processing networks in the world. It securely handles the private data associated with billions of credit and debit cards and processes tens of thousands of transaction messages per second. This vast, high-speed network facilitates electronic funds transfers from nearly 50 million merchant locations, over a million ATMs and more than 15,000 financial clients across every continent of the world except for Antarctica. With such a large network managing such a large volume of transactions, it is vital that data be kept secure while still flowing quickly between platforms across the network.

To protect their customers’ data and comply with data privacy regulations like PCI DSS and GDPR, the company decided to look for a proven data protection solution.

Read how comforte implemented a state-of-the-art solution that:

  • did not interrupt or affect their service levels
  • was far more affordable than the customer had expected
  • enabled the customer to secure their data following key requirements of both GDPR and PCI DSS

QUICK FACTS

comforte has enabled one of the world’s largest PSPs to protect sensitive data associated with billions of cards and therefore achieve compliance with data privacy standards and regulations like PCI DSS and GDPR.

CHALLENGES

Protecting the private data associated with over a billion cards is a serious challenge. These billions of cards contain not only company data, but also the private data of individuals. There’s a good chance that you own or use at least one of them.

With so many stakeholders, this network is a high-value target for cyber-attacks.
In the event of a data breach, the personal and financial data of millions of people could be compromised. A breach can be catastrophic for the affected company as well, as customers will no longer trust that their data is being handled properly.

This could hurt a company’s image for years to come. In such a situation, the importance of data protection cannot be emphasized enough.

That is why every transaction is protected and checked against hundreds of variables and fraud-detection parameters. But even with a state-of-the-art and multi-layered security system in place, it’s simply not possible to close every gap in a complex network architecture with thousands of connections to partners all around the world. The many data breaches making headlines in recent years are evidence of this.

Aware of the shortcomings of traditional approaches to data security, this PSP demanded that data at rest be protected to minimize the impact of breaches. The solution should ensure that in the event of a breach, the compromised data is useless to the attacker. Since the organization manages massive amounts of customer data from across the globe, the solution also had to comply with industry standards and regulations such as GDPR and PCI DSS.

With the authorization of tens of thousands of transaction messages per second, the requirements of a data protection solution become exceptionally demanding.

  • First, performance and throughput are mission-critical and cannot be compromised; otherwise, delays could spread exponentially across the network and severely reduce transaction volume.
  • Second, network resiliency and fault tolerance were key requirements because every second of downtime would equate to tens of thousands of messages failing to be authorized.
  • Finally, the institution needed to pass data between many different platforms, so a flexible solution was essential.

In short, the company needed a comprehensive solution that adequately encrypted user data, didn’t reduce network performance, and complied with industry standards.

“We need a solution that would bridge the gap between a world-class product that simply provides a hardened security solution and a world-class product that addresses the full set of security, application transparency, and operational factors. The overall package is far more critical than simply providing strong security.” – Project Lead

PROJECT GOALS  

  • Achieve PCI DSS and GDPR compliance 
  • Protect customer data  
  • Fulfil the needs of key customers  
  • Reduce the impact of data breaches  
  • Preserve network performance  

SOLUTION

To protect their customers’ data and fulfil data privacy requirements, the company decided to be proactive and look for a proven data protection solution. They realized that they needed to protect data at rest. A business strategy had already been drawn up before the company began looking at vendors. The initiative started at the corporate level with the directive to find an enterprise-wide data protection solution. Tokenization quickly proved to be the solution that fits best because it protects sensitive data by rendering it unreadable to potential attackers.

As mentioned above, the network’s high processing volume meant performance was a main focus. The company conducted performance tests between competing tokenization solutions and found that comforte’s SecurDPS outperformed all the rest.

“The contrast between the full-featured overall package offered by comforte and the more limited, security-focused solution offered by your competitors is quite stark. We are certainly realizing the benefits of your solution in terms of both security and speed.” – Project Lead

The goals of resiliency and fault tolerance were also achieved. Even in the event of online configuration changes, the system stays up and running. The modular architecture and compatibility with third-party tokenization engines enable transparent integration, which leaves a light footprint in the IT landscape. Another factor that allowed implementation to go smoothly was that the company maintained documentation of all their existing systems. This bit of foresight proved useful in every stage of the project, from drafting the solution to testing and finally during rollout.

BENEFITS

The company implemented a solution that will help satisfy one of its core messages, which is to allow both buyers and sellers to send and receive payments wherever and whenever they choose with the assurance that their data is secure. End-users can continue to do business with confidence knowing that even in the rare event of a breach, their data will still be protected.

Network connectivity was not affected either, so customers can enjoy the same speed and reliability they have come to depend on. This fulfils the company’s promise of “wherever and whenever.” The decision to invest in data protection was also motivated by specific requests from key customers and regulatory requirements such as PCI DSS. After the rollout, those customers received a demonstration of the new security measures and were more than satisfied.

Before choosing a vendor, the customer had drawn up a business plan and calculated what the approximate overhead costs of this system would be. Working with them, we were able to put together a solution that not only fulfilled all their technical requirements but was also more affordable than they had expected. We believe data security shouldn’t break the bank, and this solution proved that both literally and figuratively.

WRITE YOUR OWN SUCCESS STORY WITH COMFORTE

With more than 25 years of experience in data protection on truly mission-critical systems, comforte is the perfect partner for organizations who want to protect their most valuable asset: data.

comforte’s Data Protection Suite, SecurDPS, has been built from the ground up to best address data security in a world that is driven by digital business innovations, empowered customers, and continuous technology disruptions.

“We greatly appreciate the level of support we’ve received. Rollout management and support being on standby for us 24 hours a day has enabled us to keep up with all of our deadlines. And everyone we’ve spoken with has the technical expertise we expected and is very familiar with our high-availability systems. We are very satisfied with comforte.” – Project Lead

Learn more about comforte’s Data Security Platform by downloading the Solution Brief.

Author

  • Thomas Gloerfeld

    Thomas Gloerfeld is Director of Partner Development & Marketing NonStop Solutions at comforte and has been associated with the NonStop community for 25 years. Before joining comforte, he held various management positions at ACI Worldwide in Germany and the UK. In his role at comforte he closely monitors topics such as data security, risk and compliance.
