Protegrity Solutions Brief Tokenization to Simplify PCI Compliance
-
Upload
gurwindersaini2003 -
Category
Documents
-
view
214 -
download
0
Transcript of Protegrity Solutions Brief Tokenization to Simplify PCI Compliance
-
7/30/2019 Protegrity Solutions Brief Tokenization to Simplify PCI Compliance
1/2
-
7/30/2019 Protegrity Solutions Brief Tokenization to Simplify PCI Compliance
2/2
Protegrity is the leading global sotware company providing innovative end-to-end data security solutions or major corporations worldwide. Protegrity customers centrallydevelop, manage and control data security policy that protects sensitive inormation in databases, applications and fle systems rom the point o acquisition to deletion,across the enterprise. Protegritys scalable solutions give corporations the ability to implement a variety o data protection methods, including strong encryption, scalabletokenization, masking and monitoring to ensure the protection o their sensitive data and enable compliance or PCI DSS, HIPAA and other data security initiatives.To learn more, visit www.protegrity.com or call 203.326.7200.
Copyright 2011 Protegrity Corporation. All rights reserved. Protegrity is a registered trademark o Protegrity Corporation. All other trademarks are the property o their respective owners. 3/2011
a card transaction now ollows this path: (a) card data is
encrypted at the point o sale; (b) data is transmitted to a
centralized host or decryption; (c) data is tokenized on the
token server; (d) data enters the data warehouse.
The initial tokenization process was expected to take
about 30 days or 50 million card numbers. The ProtegrityTokenization process ac tually required about 90 minutes.
Deployment o the solution was non-intrusive as it did
not require obtaining third-party modifcations to code.
According to the Security Project Manager, deployment
o Protegrity Tokenization was one o the most painless
implementations we did last year.
Benefts o the Protegrity Tokenization
Deployment
The Security Project Manager reports that results o the
Protegrity Tokenization deployment exceeded the teamsexpectations.
For starters, the retailers Qualifed Security Assessors had no
issues with the e ective segmentation provided by Protegrity
Tokenization. With encryption, implementations can spawn
dozens o questions, says the Security Project Manager.
There were no such challenges with tokenization.
Segmentation with Protegrity Tokenization is yielding other
immediate benefts or the retailer:
Faster PCI audit The retailers PCI audit last year
required about seven months. With segmentation, the
retailer says the current audit will require hal that time.
Lower maintenance cost Maintenance is now
less expensive because we dont have to apply all 12
requirements o PCI DSS to every system, says the
Security Project Manager.
Better security Everyone agrees the cardholder data
is a lot more secure, says the Security Project Manager.
With tokenization, he says the retailer has been able to
eliminate several business processes such as generating
daily reports or data requests and access.
Strong performance In addition to the rapidprocessing rate or initial tokenization, the solution
meets the retailers sub-second transaction SLA.
Another beneft is that Protegrity Tokenization did not
require any signifcant changes to the ways the retailer
analyzes transactions. As part o the implementation, the
retailer elected to leave the frst six and last our digits o
card numbers in the clear. This satisfes 98% o our daily
requirements in applications, reporting, and answering
customer questions, says the Security Project Manager.
Some staers were concerned about lack o access to the
entire card number, so or the two percent o other situations,
Protegrity provided the retailer with a tokenizer utility. With
this tool, authorized staers can take a token or access to
the ull card number, and then re-tokenize ater completion
o the task. Its no longer an issue, he says.
Assessing the Project and Future Plans
with Tokenization
We have had no problems since deploying the Protegrity
Tokenization solution, says the Security Project Manager.
The Protegrity team has made the entire process much easier
or our team. This is as close to turnkey as you can get.
With the success o this deployment, the retailer is now
looking or other ways to leverage the benefts o Protegrity
Tokenization. The next big target is extending tokenization
to the companys 1,500 retail locations. The company has
about ten to twelve thousand devices enterprise-wide. By
using a dedicated tokenization device in each store, we could
remove hal o the companys network and devices out o
PCI scope, says the Security Project Manager. Thats an
opportunity or saving big money and cutting the length o
the PCI audit down to about one month, he says.
Were happy with the results o Protegrity Tokenization
and have a great working relationship with the company,
concludes the Security Project Manager. This is one o
those ew cases where a solution ended up the way the sales
guys said it would occur and its saved us a lot o time and
money.
SOLUTIONS BRIEF
The nice thing about tokenization is it turns the PCI
conversation with auditors rom gray into black and
white. They dont challenge us like they do withencryption. With Protegrity Tokenization, its very
clear i youre in scope o PCI or not.
Security Project Manager, Large Regional Store Chain