7/30/2019 Protegrity Solutions Brief Tokenization to Simplify PCI Compliance

1/2

7/30/2019 Protegrity Solutions Brief Tokenization to Simplify PCI Compliance

2/2

Protegrity is the leading global sotware company providing innovative end-to-end data security solutions or major corporations worldwide. Protegrity customers centrallydevelop, manage and control data security policy that protects sensitive inormation in databases, applications and fle systems rom the point o acquisition to deletion,across the enterprise. Protegritys scalable solutions give corporations the ability to implement a variety o data protection methods, including strong encryption, scalabletokenization, masking and monitoring to ensure the protection o their sensitive data and enable compliance or PCI DSS, HIPAA and other data security initiatives.To learn more, visit www.protegrity.com or call 203.326.7200.

Copyright 2011 Protegrity Corporation. All rights reserved. Protegrity is a registered trademark o Protegrity Corporation. All other trademarks are the property o their respective owners. 3/2011

a card transaction now ollows this path: (a) card data is

encrypted at the point o sale; (b) data is transmitted to a

centralized host or decryption; (c) data is tokenized on the

token server; (d) data enters the data warehouse.

The initial tokenization process was expected to take

about 30 days or 50 million card numbers. The ProtegrityTokenization process ac tually required about 90 minutes.

Deployment o the solution was non-intrusive as it did

not require obtaining third-party modifcations to code.

According to the Security Project Manager, deployment

o Protegrity Tokenization was one o the most painless

implementations we did last year.

Benefts o the Protegrity Tokenization

Deployment

The Security Project Manager reports that results o the

Protegrity Tokenization deployment exceeded the teamsexpectations.

For starters, the retailers Qualifed Security Assessors had no

issues with the e ective segmentation provided by Protegrity

Tokenization. With encryption, implementations can spawn

dozens o questions, says the Security Project Manager.

There were no such challenges with tokenization.

Segmentation with Protegrity Tokenization is yielding other

immediate benefts or the retailer:

Faster PCI audit The retailers PCI audit last year

required about seven months. With segmentation, the

retailer says the current audit will require hal that time.

Lower maintenance cost Maintenance is now

less expensive because we dont have to apply all 12

requirements o PCI DSS to every system, says the

Security Project Manager.

Better security Everyone agrees the cardholder data

is a lot more secure, says the Security Project Manager.

With tokenization, he says the retailer has been able to

eliminate several business processes such as generating

daily reports or data requests and access.

Strong performance In addition to the rapidprocessing rate or initial tokenization, the solution

meets the retailers sub-second transaction SLA.

Another beneft is that Protegrity Tokenization did not

require any signifcant changes to the ways the retailer

analyzes transactions. As part o the implementation, the

retailer elected to leave the frst six and last our digits o

card numbers in the clear. This satisfes 98% o our daily

requirements in applications, reporting, and answering

customer questions, says the Security Project Manager.

Some staers were concerned about lack o access to the

entire card number, so or the two percent o other situations,

Protegrity provided the retailer with a tokenizer utility. With

this tool, authorized staers can take a token or access to

the ull card number, and then re-tokenize ater completion

o the task. Its no longer an issue, he says.

Assessing the Project and Future Plans

with Tokenization

We have had no problems since deploying the Protegrity

Tokenization solution, says the Security Project Manager.

The Protegrity team has made the entire process much easier

or our team. This is as close to turnkey as you can get.

With the success o this deployment, the retailer is now

looking or other ways to leverage the benefts o Protegrity

Tokenization. The next big target is extending tokenization

to the companys 1,500 retail locations. The company has

about ten to twelve thousand devices enterprise-wide. By

using a dedicated tokenization device in each store, we could

remove hal o the companys network and devices out o

PCI scope, says the Security Project Manager. Thats an

opportunity or saving big money and cutting the length o

the PCI audit down to about one month, he says.

Were happy with the results o Protegrity Tokenization

and have a great working relationship with the company,

concludes the Security Project Manager. This is one o

those ew cases where a solution ended up the way the sales

guys said it would occur and its saved us a lot o time and

money.

SOLUTIONS BRIEF

The nice thing about tokenization is it turns the PCI

conversation with auditors rom gray into black and

white. They dont challenge us like they do withencryption. With Protegrity Tokenization, its very

clear i youre in scope o PCI or not.

Security Project Manager, Large Regional Store Chain