The challenge
A bank managing an asset base of $6 billion AUD
When two leading Australian banks merged, they became one of the largest lenders in the country, managing an asset base of $6 billion AUD for over 4 million Australians.
As the banks went through the merger process, they wanted to ensure all personally identifiable information (PII) and payment card industry (PCI) data, including credit card numbers, were being managed correctly and securely.
The bank needed to protect against data breaches and ensure it was meeting payment card industry data security (PCI DSS) compliance requirements.
The journey
The search for a PCI DSS compliance solution
With millions of customers across the two brands, the bank needed urgent help achieving PCI compliance following the merger. PCI compliance is critical for businesses handling credit card numbers in order to protect customers from credit card fraud.
Hackers are highly motivated to steal credit card data. If they gain access to sensitive data including primary account numbers, cardholder names, and authentication codes, hackers can impersonate the cardholder, use the card to make purchases, and even steal the cardholder’s identity.
If a data breach occurs and hackers gain access to the bank’s customers’ credit card data, the bank could suffer significant financial and reputational burdens. Customers lose trust in businesses after data breaches, and the costs of this add up.
To protect sensitive data and maintain customer trust during and after the merger, the bank needed a solution to help it accurately, quickly and easily identify where credit card data and other PII was stored, enabling the company to remediate and protect the sensitive data before any future compromise.
The bank turned to Ground Labs for help scanning and identifying cardholder data across its network.
The solution
Ground Labs’ Enterprise Recon helps achieve PCI DSS compliance
Because this bank handles such a high volume of customer credit card data and PII, the team knew it had a monumental task ahead to find where all that data was being stored. It decided to partner with Ground Labs and now relies on Ground Labs’ award-winning Enterprise Recon software to meet and maintain PCI compliance.
The company uses Enterprise Recon Pro to find where credit card numbers and PII are stored within both structured and unstructured data sources, including files, databases, emails, cloud, big data, and more. After scanning, Enterprise Recon Pro allows the team to view and analyze where this sensitive data resides and immediately contact the owners to take action.
Ultimately, Enterprise Recon Pro provides a blueprint of the sensitive data storage locations across the organization, allowing the bank to ensure on an ongoing basis that it is not storing any credit card numbers or other PII unnecessarily, and when necessary, that the company is storing them securely to protect sensitive consumer information.
Enterprise Recon identifies 54 million instances of sensitive data in the bank’s ecosystem within the first quarter of deployment.
Within the first quarter of scanning with Ground Labs’ Enterprise Recon, the bank identified over 54 million instances of sensitive information dispersed across its digital ecosystem. Enterprise Recon’s delegated remediation feature enabled the bank to assign multiple teams to address the risk using Enterprise Recon so this massive undertaking did not fall solely on the shoulders of IT.
