The following challenges were successfully solved through a partnership with data security software provider, comforte.
CHALLENGES:

1) The main goal was to tokenize cardholder data throughout the payments network in accordance with PCI requirements. Up until this point, our client had been relying on compensating controls, which were becoming costly and impractical. PCI Requirement 3.4 stipulates that payment account numbers (PANs) must be rendered unreadable anywhere they are stored and, according to Requirement 4.1, cardholder data must also be protected when transmitted. This means the data has to be protected both in motion and at rest.

2) An additional challenge was that the system had to stay online throughout implementation, without any impact on service levels. At peak service levels the system handles up to 225 transactions per second and up to 100 million USD in a single day. In an average month, the system manages approximately 2-4 billion dollars’ worth of transactions. Any interruption of service would be extremely costly.

3) Our client uses a combination of ACI’s BASE24 Classic and BASE24-eps on its mission-critical systems. Implementation on BASE24 Classic was especially complicated in this situation, as the company had extensively modified its BASE24 Classic configuration to accommodate its specific business needs. In addition, the servers run in active/active mode, so traffic is constantly balanced across both systems and moves freely back and forth between them. This meant deployment had to be done on a running production system.