Our client provides credit/debit card clearing and settlement services, handling millions of transactions daily at more than a million locations.

The company was required to comply with the PCI Data Security Standard, which mandates all credit cardholder data be protected as it is transmitted, processed, and/or stored. Enforced by Master-Card, VISA, and American Express in response to the overwhelming occurrences of data theft, PCI DSS requires any company handling credit card data to comply or face monetary fines. The company was being audited by several partners and throughout this process it became apparent that they needed to address the issue of data security.

The company was transmitting credit card information that originated on their Windows server throughout the company via email attachments, as well as burning data to CD for backup storage. Not wanting to risk non-compliance, they began searching for a data security solution that would enable encryption and be easy to deploy and use.

Although the company considered PGP®, they chose SecureZIP because it met all of their requirements and provided a more robust solution. SecureZIP was also simple to use and offered policy manager for their desktops. The company recognized SecureZIP for desktop would help them enforce their new encryption policy and limit employee resistance to the solution.

SecureZIP was deployed in less than a week and is now being used on Windows server and desktop environments. SecureZIP’s seamless integration with a PKI environment was also an added benefit because the company wanted to use their Windows servers to produce X.509 digital certificates and an active directory to centrally store the certificates so they could be easily accessed by users via Outlook.