This article is provided by BRC Associate Member Thales.

__________________________

A large department store retailer with operations in multiple countries suffered a major data breach that exposed the credit card data of millions of its customers. As a result, the retailer’s brand reputation was severely damaged in the eyes of their customers. Therefore, in order to protect sensitive customer data, renew their trust, and reduce customer churn, the company decided to restructure its card and payment system security.

Challenge

With hundreds of retail locations processing millions of customer transactions a year, maintaining rigorous standards for the protection of data is a constant priority. To ensure that such a breach would never occur again, the retailer wanted to protect credit card data across its systems, from stores to back-end processing. The company hoped to achieve PCI compliance, which requires that specific security measures be in place at all times, with the use of encryption to protect sensitive data across the payment process.

Furthermore, the enterprise wanted a scalable solution that could be expanded to protect personally identifiable information (PII) stored in databases and file folders.

Solution

CipherTrust Platform

The CipherTrust Platform was deployed to provide protection for credit card data captured at stores as well as in back-end datacenters and databases. Once the decision to proceed had been made, a proof-of-concept (PoC) involving a few initial stores was conducted to validate the implementation procedures. Credit card data was encrypted at capture and transmitted in encrypted form to the back end for processing. Credit card data also remained encrypted when stored in back-end databases. Following the successful completion of the trial, the retailer gradually expanded deployment to remaining stores in larger batches.

Transparent Encryption

The next step was to deploy CipherTrust Transparent Encryption with centralized key management to protect PII data on key files and databases. CipherTrust Transparent Encryption delivers data-at-rest encryption with centralized key management, privileged user access control, and detailed data access audit logging. This protects data wherever it resides, on-premises, across multiple clouds, and within big data and container environments.

Agents are installed at operating file system or device layers, and encryption and decryption are transparent to all applications that run above the agents. CipherTrust Transparent Encryption is designed to meet data security compliance and best practice requirements with minimal disruption, effort, and cost.

This large department store chain dramatically improved PCI compliance by protecting credit card and other customer sensitive data across multiple systems and locations with the CipherTrust Platform.


Root of Trust

Thales Luna Hardware Security Modules (HSMs) provide root-of-trust for encryption keys and PKI-based use cases. Luna HSMs are hardened, tamper-resistant hardware devices that strengthen encryption practices by generating keys, encrypting and decrypting data, and creating and verifying digital signatures. Luna HSMs are certified at various FIPS 140-2 Levels and are used to:

  • Meet and exceed established and emerging regulatory standards for cybersecurity
  • Achieve higher levels of data security and trust
  • Maintain high service levels and business agility

Luna HSMs are purposefully designed to provide a balance of security, high performance, and usability that makes them an ideal choice for enterprise, financial, and government organizations.

Results

This large department store chain dramatically improved PCI compliance by protecting credit card and other customer sensitive data across multiple systems and locations.

Dramatically improved PCI compliance

Thales provided end-to-end security for credit card data from stores to back-end data stores, including Microsoft SQL.


Personally identifiable information (PII) protection

Successful deployment and implementation for the credit card use case enabled the expansion to PII protection.


Scaled data-centric security

Thales’ solutions catalyzed security migration to new platforms, environments, and use cases.