CUSTOMER SUCCESS STORY: Voltage SecureData

Global Financial Services Company: Achieving PCI Compliance at Greatly Reduced Cost

The global financial services company has a major credit card processing business. Like other credit card companies, it must comply fully with the PCI DSS standards and procedures. Before Voltage Security, the company was engaged in a security and compliance program costing tens of millions of dollars. In this initiative, Voltage SecureData would play a key role by limiting the scope of PCI DSS compliance, removing whole classes of systems from compliance scope.

Cutting Costs by Shrinking Scope

The global financial services company's data processing systems handle a large amount of credit card data. Some 300 million primary account numbers (PANs) are in use, processed by about 200 different applications. In turn, these applications are executed on a variety of platforms, ranging from mainframes to Teradata platforms to Oracle databases to open system applications. Data flows around the global financial services infrastructure on web service protocols, message bus architectures, and the Ab Initio ETL system.

Before the company adopted the Voltage SecureData solution, all of these applications and platforms were subject to full PCI DSS compliance requirements. The expense of the compliance initiative was proportional to the scope of systems subject to compliance; consequently, the ability of Voltage SecureData to reduce that scope translated into very large savings.

Many demanding technical requirements were met by the Voltage SecureData solution:

• Convert PANs to protected form, with the data emerging unprotected only when absolutely needed. This removes many systems from PCI compliance scope.
• Flexibly support different protection methods in different jurisdictions; for example, encryption in the US and tokenization in the UK.
• Minimize costly changes to existing systems and software.
• Empower developers with multiple interfaces to rapidly integrate data protection into applications where required.
• Provide scalable and centrally controlled operations.
• Meet stringent performance requirements to maintain application performance levels.

Highlights

• Reduce security risk and achieve PCI DSS compliance
• Minimize costs by minimizing PCI DSS compliance scope
• Leverage the PCI technology investment to protect other forms of confidential or private data
• Provide a single solution, across many platforms and many interfaces

Voltage Security, Inc.
US Tel: +1 (408) 886-3200
EUR Tel: +44 (0) 203 468 0559
www.voltage.com/contact

How It Works

The solution employed Voltage SecureData with Voltage Secure Stateless Tokenization (SST) and Voltage Format-Preserving Encryption (FPE) technologies. Instead of needing to make changes to all 200 applications where PCI data needed to be protected, integration was achieved using just a few systems that performed translations from the unprotected to protected form. This was a byproduct and major benefit of exploiting the Voltage web services interface.

All of the classic credit card operations are ultimately supported by the different applications of this global financial services company, which transfer balances from one card to another, track credit card balances, and make payments, all via either web front ends or through a call center. The ability of Voltage SecureData to limit people and system access to only the last four digits of a credit card number drastically reduced the PCI scope of the company.

The system rollout proceeded rapidly. GSI Commerce and Deloitte led the deployment, classifying data flows and identifying affected applications. Application performance was not impacted as the solution was implemented. Future integration of Voltage SecureData for other types of sensitive data is planned in further phases of the project.

The end result was a greatly streamlined PCI compliance initiative.
As the customer said, “Voltage is the brains behind this $20 million project.”

ABOUT VOLTAGE SECURITY

Voltage Security®, Inc. is the leading data protection provider, delivering secure, scalable, and proven data-centric encryption and key management solutions, enabling our customers to effectively combat new and emerging security threats. Leveraging breakthrough encryption technologies, our powerful data protection solutions allow any company to seamlessly secure all types of sensitive corporate and customer information, wherever it resides, while efficiently meeting regulatory compliance and privacy requirements. For more information, please visit www.voltage.com.

Voltage Security, Inc., Voltage Identity-Based Encryption (IBE), Voltage Format-Preserving Encryption (FPE), Voltage Page-Integrated Encryption (PIE), Voltage Identity-Based Symmetric Encryption, Voltage SecureMail, Voltage SecureMail Mobile Edition, Voltage SecureMail Application Edition, Voltage SecureMail eDiscovery Compliance Tool, Voltage SecureMail Archive Connector, Voltage SecureMail Statement Generator Service, Voltage SecureMail Cloud, Voltage SecureData, Voltage SecureData Enterprise, Voltage SecureData Payments, Voltage Secure Stateless Tokenization (SST), Voltage SecureFile, Voltage SecureData Web, and Voltage Cloud Services are registered trademarks of Voltage Security or are trademarks and service marks of Voltage Security, Inc. All other trademarks are property of their respective owners.

v04092013