The Challenge
Reduce PCI scope and risk without hurting performance or operations
To comply with PCI DSS standards, the retailer had to protect sensitive data in its enterprise data warehouse, which contained customer information, sales transactions, and credit card numbers. The data protection solution needed to meet several requirements:
Seamless fit with Teradata EDW: The data protection solution had to be seamlessly compatible with the retailer’s data warehouse, built on Teradata. Deployment of the data protection solution needed to minimally disrupt the retailer’s e-commerce and in-store operations, as these disruptions could cost them significant revenue and damage customer experiences.
No performance degradation: Once implemented, the data protection solution could not slow down transaction processing or otherwise hurt operational efficiency for either e-commerce or in-store POS transactions.
Frictionless adoption: The implementation of the new data protection solution — and its ongoing impacts — could not make it harder for the retailer’s employees to do their jobs. That onboarding/adoption experience needed to be as frictionless as possible in order to ensure employee buy-in and adherence to policies.
The Solution
Enterprise-wide, embedded data protection aligned to PCI DSS
The retailer partnered with Protegrity to implement an enterprise-wide, embedded data protection strategy for descoping systems from PCI compliance requirements and enhancing data security:
- Dual data environment with tokenization: The retailer adopted Protegrity’s tokenization to segment its data environment into a PCI-compliant cardholder data environment (CDE) and a separate non-CDE. By tokenizing sensitive data as it enters the CDE, Protegrity enabled the retailer to restrict access to plaintext data, keeping non-CDE systems out of PCI scope. This approach reduced audit requirements and compliance costs significantly.
- API and application integration: Protegrity’s platform was seamlessly integrated across various operating systems and environments, enabling tokenization capabilities throughout the retailer’s IT ecosystem.
- Low-latency, high-performance design: Given the retailer’s high transaction volumes, particularly during peak periods, Protegrity’s solution was selected and optimized for low latency. By processing data protection at the source, Protegrity minimized delays and avoided congestion across systems, enabling fast, secure transactions even under heavy loads.
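As an added illustration of the pattern described above (this is example code, not Protegrity’s own implementation or algorithm): a vault-based, format-preserving tokenizer that is assumed to live inside the CDE, replaces the PAN at ingestion, and hands only tokens to downstream systems, so the same card always yields the same token and analytics can still join on it. The `TokenVault` name, the BIN/last-4 preservation rule and the requirement that tokens fail the Luhn check are assumptions of this example.

```python
import secrets

def luhn_valid(digits: str) -> bool:
    """Luhn check used for real card numbers; tokens are generated to fail it,
    so a leaked token can never be mistaken for a live PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Illustrative vault tokenizer (assumed to run inside the CDE). A real vault
    would encrypt its stored PANs and gate detokenize() behind access policy."""
    def __init__(self):
        self._pan_to_token = {}
        self._token_to_pan = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("PAN must be 13-19 digits")
        if pan in self._pan_to_token:         # same PAN -> same token (referential integrity)
            return self._pan_to_token[pan]
        while True:
            # Keep the BIN (first 6) and last 4 for receipts/reporting; randomize the rest.
            middle = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 10))
            token = pan[:6] + middle + pan[-4:]
            # Reject anything that is a valid card number or already assigned.
            if not luhn_valid(token) and token not in self._token_to_pan:
                break
        self._pan_to_token[pan] = token
        self._token_to_pan[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only authorized CDE services should ever reach this."""
        return self._token_to_pan[token]

# Constructed sample rows as they would arrive at the ingestion point (test PANs).
SAMPLE_TRANSACTIONS = [
    {"txn": 1, "pan": "4111111111111111", "amount": 42.00},
    {"txn": 2, "pan": "5500000000000004", "amount": 9.99},
    {"txn": 3, "pan": "4111111111111111", "amount": 15.50},
]

def to_non_cde(vault: TokenVault, rows: list) -> list:
    """Strip the PAN and emit token-only rows for the non-CDE warehouse."""
    return [{**{k: v for k, v in r.items() if k != "pan"}, "token": vault.tokenize(r["pan"])}
            for r in rows]
```

Because txn 1 and txn 3 share a PAN they share a token, so per-card analytics still work on the non-CDE side while no row there carries cardholder data.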
The Outcome
Immediate wins and long-term resilience
The program delivered measurable security and compliance gains—while preserving performance.
- Reduced breach risk: De-identifying sensitive data reduced attack surfaces, safeguarding customer information and lowering the risk of breaches.
- Lower cyber insurance costs: By descoping systems from audits and compliance, the company realized savings on annual cyber-insurance premiums.
- Faster checkout experiences: Tokenization at the point of ingestion improved processing speeds across POS and e-commerce—especially during peak periods like Black Friday.
- Simplified compliance audits: Isolating pseudonymized tokens within the CDE streamlined PCI DSS audits without added complexity.
- Enabling secure analytics: Referentially intact, de-identified data supported advanced analytics without exposing sensitive information.
Long-Term
- Future-proofing data security & compliance: Embedded protections allow the retailer to maintain compliance seamlessly as PCI requirements evolve.
- Improved data discovery & governance: Protegrity’s platform surfaced hidden plaintext usage, enhancing visibility and governance.
- Scalable data protection for growth: Flexible controls scale with the move to advanced cloud data storage—across on-prem, cloud, hybrid, and multi-cloud environments.
The Protegrity Advantage: Driving Cloud Innovation
Before Protegrity Implementation
- Sensitive data replicated in multiple systems increases attack surface.
- Broad PCI scope drives audit complexity and cost.
- Performance risk at peak checkout periods.
- Manual or fragmented approaches to de-identification.
- Limited ability to run analytics on protected data.
With Protegrity
- Data de-identified at source; tokens flow safely downstream.
- Systems descoped from PCI; lower audit and insurance burden.
- Low-latency protection keeps lines moving and carts converting.
- Centralized policy enforcement with consistent APIs.
- Analytics on protected data via format-preserving methods.
Protegrity’s platform provided unmatched ease of integration and performance. The ability to standardize data protection across systems while maintaining operational speed has been transformative.
Senior Security Engineer, Fortune 500 Retailer