Business Services – PCI DSS Compliance

Company Profile

A nearly $2 billion worldwide commercial information and business insight company, providing business credit and company data solutions.


Business Problem

The company received trade files from customers daily. These files contained sensitive Cardholder Data (CHD), making the company subject to the Payment Card Industry Data Security Standard (PCI DSS).

Files containing CHD were received by their mainframe and then distributed to multiple, heterogeneous databases for analysis and use. All CHD in the company systems required protection.

Protegrity Solution

Protegrity created a secure staging environment outside of the mainframe where the customer files would land. The token server inside the environment tokenized CHD within the files before sending them to the mainframe.

Due to the complex IT environment, a custom solution was needed to convert the massive amount of legacy data into tokens. Legacy files were fed back through the inbound token server and then returned to their original databases in tokenized form.
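As an added illustration of the staging design described above (not Protegrity's own code or product API), this hypothetical Python token server tokenizes the PAN column of a constructed trade file before anything reaches the mainframe, keeps the vault inside the staging zone, and gates de-tokenization behind a role check; the file layout, the `chd_verifier` role name and the Luhn-based field detection are assumptions.

```python
import csv, io, secrets

# Constructed sample trade file; the PANs are well-known test numbers, not real CHD.
SAMPLE_TRADE_FILE = """customer_id,pan,amount
C1001,4111111111111111,120.50
C1002,5555555555554444,89.99
C1003,not-a-card,10.00
"""

def luhn_ok(digits: str) -> bool:
    """Luhn check, used to recognise PAN-shaped values before tokenizing."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenServer:
    """Hypothetical staging token server; the vault never leaves the PCI-scoped staging zone."""
    def __init__(self):
        self._vault = {}   # token -> PAN
        self._by_pan = {}  # PAN -> token, so one card always maps to the same token
    def tokenize(self, pan: str) -> str:
        if pan in self._by_pan:
            return self._by_pan[pan]
        while True:
            # Same length, digits only, last 4 kept for verification; must fail Luhn so it never passes as a PAN.
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4)) + pan[-4:]
            if token not in self._vault and not luhn_ok(token):
                break
        self._vault[token], self._by_pan[pan] = pan, token
        return token
    def detokenize(self, token: str, role: str) -> str:
        """Only an authorized role recovers CHD, e.g. to send it back to the customer."""
        if role != "chd_verifier":
            raise PermissionError("role not authorized to retrieve CHD")
        return self._vault[token]

def stage_file(text: str, server: TokenServer) -> str:
    """Tokenize every Luhn-valid PAN in the 'pan' column; other values pass through."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        if (v := row["pan"]).isdigit() and 13 <= len(v) <= 19 and luhn_ok(v):
            row["pan"] = server.tokenize(v)
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0]), lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Because tokens keep the PAN's length and digit-only format, the mainframe and downstream databases can store them without schema changes, which is what takes those systems out of audit scope.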

Requirements & Challenges

  • Comply with all applicable PCI DSS regulations (Level 1)
  • Reduce scope of PCI DSS annual audit via tokenization
  • Allow authorized access to CHD for verification purposes
  • Continuous, granular monitoring of sensitive data
  • Implement a complex data security solution in a short time frame
  • Provide knowledge and responsiveness to any concerns or issues

Results & Benefits

  • Incoming CHD tokenized before reaching the mainframe
  • ~2 billion legacy records tokenized, achieving PCI compliance
  • Removed backend systems from PCI DSS audit scope
  • Provided ability to securely send CHD back to the customer
  • Enabled centralized policy-based access controls and monitoring
  • Continuous, granular monitoring of sensitive data
  • Fast implementation & dedicated staff for case management
  • Solution can easily be expanded to files from other sources

Implementation Diagram