Preem Relies on Protegrity Tokenisation to Achieve PCI-DSS Compliance
Modern Tokenisation Provides Fast Path to Security for Sweden’s Largest Oil Company
STAMFORD, CT and LONDON–(Marketwire – Dec 6, 2011) – Protegrity USA, Inc., a leading provider of end-to-end data security solutions, announced today that Preem AB, Sweden’s largest oil company, has adopted its data security platform to deliver PCI-DSS compliance for credit card transactions at more than 470 gas stations across the country. Protegrity’s solutions use modern tokenisation to ensure flexible, scalable security for customer data in transit and at rest without impacting transaction processing speeds. “We had two key requirements for our customer data security system beyond the compliance issue — rapid implementation and zero latency in customer transaction processing,” said Claes-Håkan Johansson, CIO at Preem AB. “Protegrity’s approach has enabled us to tokenise several million unique credit card numbers and have the entire system up and running — including maintaining high transaction processing performance and the ability to quickly detokenise if a refund is required — in well under a month. The company’s flexibility and attention to detail in meeting our needs has been quite exceptional.” “Retail is one of the fastest growing sectors targeted for data theft, with multiple points of vulnerability throughout the transaction process,” said Ulf T. Mattsson, Chief Technology Officer for Protegrity. “We are pleased Preem has selected our modern tokenisation solution to achieve efficient and safe data protection for its fast-paced environment.” Why Protegrity In evaluating the different technologies available, Preem determined that the simplest way to achieve PCI-DSS compliance would be to adopt the tokenisation approach. Tokenisation protects sensitive data by replacing it with tokens that hold no value to someone who gains unauthorized access to that data. The data replacement process is randomised — a similar philosophy to one-time cipher pads — rendering it far more secure than predictable encryption keys and algorithms, which are vulnerable to brute force attacks. This approach also delivers significant benefits in terms of an organisation’s compliance audit requirements. When credit card data is replaced with tokens, close to 50 percent of the PCI DSS security checks no longer apply, because only the tokens are stored, not the Primary Account Number. This means the requirement to encrypt databases and archives no longer applies; there is no need to manage huge numbers of encryption keys, and cumbersome access control systems are not required. Preem’s operation involves hundreds of thousands of transactions, many of which relate to debit/credit card transactions and need to be tokenised within a short window of time. With such a high transaction volume, basic tokenisation would have quickly become unmanageable, so Preem chose instead to use Protegrity’s modern tokenisation technology. This has eliminated performance, scalability and availability issues by pre-generating static token tables that can be installed in multiple locations. The Protegrity solution has been proven to perform over two hundred thousand transactions per second on a small configuration, and is being implemented by a number of major retailers today. About Preem PREEM AB is Sweden’s biggest oil company and accounts for about 80 percent of Swedish refinery capacity and about 30 percent of Nordic capacity. The company’s two wholly-owned refineries have a combined capacity of more than 18 million cubic meters and are among the most modern, environmentally-friendly and energy-efficient in Europe. In 1996, Preem established a new chain of gas stations formed by the merger of all Texaco stations in Sweden and OK Petroleum stations in southern and western Sweden. The company had revenues of SEK 87 billion (approximately US$13 billion) in 2010, and employs around 3,400 people. About Protegrity Headquartered in Stamford, Conn. with an office in London, UK, Protegrity provides high performance, infinitely scalable, end-to-end data security solutions that protect sensitive information across the enterprise from the point of acquisition to deletion. The company’s award winning software products span a variety of data protection methods, including end-to-end encryption, tokenisation, masking and monitoring and are backed by several important data protection technology patents. Currently, more than 200 enterprise customers worldwide rely on Protegrity’s comprehensive data security solutions to enable compliance for PCI-DSS, HIPAA and other data security requirements while protecting their sensitive data, brand, and business reputation. For more information, please visit www.protegrity.com.