Our client provides credit/debit card clearing and settlement services, handling millions of transactions daily at more than a million locations worldwide.
The company was required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which mandates that all credit cardholder data be protected as it is transmitted, processed, and/or stored. Enforced by major credit card companies in response to the overwhelming occurrences of data theft, PCI DSS requires any company handling credit card data to comply or face monetary fines. Our client was being audited by several business partners. During the audit process, it became apparent that they needed to address the issue of data security.
The company was transmitting credit card information that originated on their Windows server throughout the company via email attachments, as well as burning data to CD for backup storage. Not wanting to risk non-compliance, they began searching for a data security solution that would enable encryption and be easy to deploy and use.
Although the company considered PGP®, they chose SecureZIP because it was able to meet all of their requirements while also providing a more robust solution. SecureZIP offered policy manager functionality for use on the company’s Windows desktops. Using policy manager, IT administrators can centrally configure encryption settings according to internal organizational policies. This allows the company to extend their data security policies, regardless of the number of endpoints or computing environments involved in the exchange. The company recognized SecureZIP would allow them to effectively protect data at the file level, making it impossible for anyone except authorized personnel to access it. Centrally configured security settings also made it easier for employees to ensure they were adhering to internal data security policies, limiting their resistance to a new solution.
SecureZIP was deployed in less than a week and is now being used on Windows server and desktop environments. SecureZIP’s seamless integration with our client’s existing PKI environment was also an added benefit because the company had wanted to use their Windows servers to produce X.509 digital certificates. Digital certificates are housed in Active Directory and can easily be accessed by users via Outlook.