Why Protegrity Prime Our unique data security technologies are built for today's data-driven businesses. Learn More
Data Discovery Uncover where sensitive data resides
Data Management Control every corner of the enterprise
Data Protectors Protection beyond platforms
Professional Services Security experts for every need
Security Gateways Data security that goes with the data
Vaultless Tokenization Go beyond encryption
Contact Us

Business Services Case Study

PCI DSS Compliance

Company Overview

Nearly $2 billion worldwide commercial information and business insight company, with business credit and company data solutions.


Business Problem

The company received trade files from customers daily, containing sensitive Card Holder Data (CHD), making them subject to Payment Card Industry Data Security Standard (PCI DSS) regulations.

Files containing CHD were received by their mainframe and then distributed to multiple, heterogeneous databases for analysis and use. All CHD in the company systems required protection.

Requirements and Challenges

Comply with all applicable PCI DSS regulations (Level 1)
Reduce scope of PCI DSS annual audit via tokenization
Allow authorized access to CHD for verification purposes

Continuous, granular monitoring on sensitive data
Implement a complex data security solution in a short time frame
Provide knowledge and responsiveness to any concerns or issues

Protegrity Solution

Protegrity created a secure staging environment outside of the mainframe where the customer files would land. The token server inside the environment tokenized CHD within the files before sending them to the mainframe.

Due to the complex IT environment, a custom solution was needed to convert the massive amount of legacy data into tokens. Files were fed back through the inbound token server, and then placed back in their original databases tokenized.

Results & Benefits

Incoming CHD tokenized before reaching the mainframe
~2 billion legacy records tokenized, achieving PCI compliance
Removed backend systems from PCI DSS audit scope
Fast implementation & dedicated staff for case management
Provided ability to securely send CHD back to the customer
Enabled centralized policy-based access controls and monitoring
Continuous, granular monitoring on sensitive data
Solution can easily be expanded to files from other sources