Airline – PCI DSS Compliance
A major European airline that handles internal and external customer information, including payment and transaction data subject to PCI DSS compliance.
A major European airline needed to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS).
This meant protecting the Teradata Enterprise Data Warehouse (EDW) and the UNIX file servers that load and unload the data from external systems.
The security solution also had to be scalable and transparent to authorized users. Also, wherever possible, the solution should not require changes to functional processes.
And finally, the airline required a separation of duties, to isolate data security administration to their security team.
Protegrity implemented File Protectors on the incoming and outgoing UNIX file servers to encrypt/decrypt all data at the file system level.
An authorized and signed ETL tool was augmented with Protegrity software to enable transparent read access by the tool and encryption of individual columns of payment card data before loading into the EDW.
Protegrity Database Protector for Teradata was installed in the Teradata EDW to encrypt/decrypt sensitive data at the column level within the ecosystem.
The solution also included the Enterprise Security Administrator, which provides a separation of duties, allows the security team to restrict access to sensitive data to certain authorized users and processes, and defines alerts and auditing on the entire data security system.
Requirements & Challenges
- Protect payment card data according to PCI DSS requirements
- Secure flat files at rest in file servers that handle incoming/outgoing sensitive data
- Secure data at the column level, including existing data, within the Teradata ecosystem
- Adopt a high-performance scheme to keep up with high-transaction Teradata system
- Cause no more than a 3% reduction in overall performance
- Institute separation of duties
Results & Benefits
- Achieved PCI compliance according to PCI DSS guidelines
- Minimal reduction in system performance, well under the 3% requirement
- Files encrypted at rest on incoming and outgoing file servers
- Data encrypted at the column level in the Teradata EDW
- Negligible changes to functional processes
- Separation of duties implemented with the data security policy