How a leading fintech provider manages PCI DSS compliance with Enterprise Recon

Industry
Financial Services
Challenge
Processing more than $2bn of assets and supporting millions of transactions daily, the company needed to ensure its sensitive data was secure and protected against credit card fraud.
Results
In 2016, the company decided to partner with Ground Labs, and ever since, has relied on Ground Labs’ award-winning Enterprise Recon software to meet and maintain PCI DSS compliance.
Key Product
Enterprise Recon PII
“Ground Labs’ Enterprise Recon tool is easy to use and configure, and it allows us to immediately find and remediate sensitive information at the source. With Enterprise Recon, our entire organization has become more aware of sensitive data and how to properly manage it.”
IT Network and Security Manager
Leading financial technology company

Financial services are essential for the modern economy, and they handle vast amounts of sensitive information.
This requires a careful balance between fulfilling their business objectives, complying with the law, protecting their customers’ interests and enabling data-driven innovation.
Data discovery is becoming a necessity for financial services in achieving and maintaining compliance with their fiduciary obligations.
The challenge
A finance provider managing payments for thousands of businesses
A leading financial technology company helps thousands of businesses increase sales and profits by offering flexible payment options for customers. The company works with a wide range of industries across North America, including veterinary, dental, continued education and dating services industries.
The firm has more than 2 billion USD in assets under management and has helped businesses finance hundreds of thousands of consumers, requiring it to handle a high volume of credit card and social security numbers every day.
The journey
The search for a PCI DSS compliance solution
The company needed to ensure that sensitive data was secure, and wanted to maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS compliance is critical for businesses handling credit card numbers because credit card fraud and theft are very prevalent.
Hackers are highly motivated to steal credit card data. If they gain access to sensitive data like primary account numbers, cardholder names and authentication codes, hackers can impersonate the cardholder, use the card to make purchases and even steal the cardholder’s identity.
If a data breach occurred and hackers gained access to customer credit card data and social security numbers, this financial technology company could suffer from a huge financial and reputational burden. Customers lose trust in businesses after data breaches, and the costs of this add up.
To protect sensitive data and maintain customer trust, the company needed a solution to help it accurately, quickly and easily identify where its credit card data was stored, enabling it to remediate and protect the sensitive data before any future compromise.
Companies that fail to meet their PCI DSS compliance obligations are vulnerable to:
- Reputational damage and loss of consumer confidence
- Diminished sales
- Costs associated with reissuing compromised payment cards
- Fraud losses
- Higher future costs of compliance
- Legal costs, settlements and fines
- Penalties issued by card brands, issuers and data protection authorities
- Termination of payment processing facilities
- Job losses
- Going out of business
The solution
Ground Labs’ Enterprise Recon helps deliver PCI DSS compliance
Because this financial technology company handles such a high volume of credit card and social security numbers, the team knew it had a monumental task ahead to find where all that data was being stored. That’s why, in 2016, the team decided to partner with Ground Labs, and ever since, has relied on Ground Labs’ award-winning Enterprise Recon software to meet and maintain PCI DSS compliance.
The company uses Enterprise Recon PII to find where credit card and social security numbers are stored within both structured and unstructured data sources, including files, databases, emails, cloud, big data and more.
In addition, this company uses an internal naming system that utilizes nine-digit codes, which most PCI DSS discovery solutions would confuse with social security numbers. However, Enterprise Recon makes it easy for the team to filter those nine-digit codes out of its ongoing scans. This helped the company more accurately discover valid sensitive data and take appropriate action, saving time and, most importantly, keeping clients’ data protected.
Now, the financial technology company uses Enterprise Recon PII to run bi-weekly scans that are automatically executed according to pre-configured recurring scan schedules. After scanning for credit card and social security numbers, Enterprise Recon PII allows the team to view and analyze where sensitive data resides and immediately contact the owners to take action.
Enterprise Recon identified 4 million matches in its initial scan, identifying where the company was unknowingly storing sensitive information.
An initial scan with Enterprise Recon PII resulted in 4 million matches, or 4 million places where the company was storing social security or credit card numbers, some in unexpected locations, such as within Google Chrome cached data.