Global Security Strategies for Payment Systems

: Home : Gap/Risk Assessments : Systems Remediation : SCADA/PLC Security : Cyber Security Design : PCI Maintenance Program : Health Care Security : CISO : About Us :

Case #8: Critical business opportunity with MasterCard and gift cards

Business Problem: This company produces gift cards for big box retailers, and rebate debit cards, but were missing out on a larger revenue opportunity with MasterCard that required the company to be certified PCI compliant. One big problem interfered with the business plans, the PCI self-assessments overlooked major findings and a new PCI assessment identified over 65 very difficult problems that needed to be fixed. The executive leadership team thought the company was fully PCI complaint and committed to a compliance deadline with MasterCard, but were no way close to being compliant. Company tried remediation on their own, but experienced a number of business interruptions. Service Level Agreements (SLA's) were being violated and required the VP of IT to go on an "explanation/apology tour" with clients and how these business interruptions would not occur in the future.

Timeframe: Three months

Budget: $525,250

Biggest Project Risk: Business interruptions already occurred prior to arrival and a future interruption would only escalate matters that would compromise the position for the VP of IT.

Business Solution: Performed an analysis of the PCI findings and determined that replacing some network equipment and purchasing commercial-off-the-shelf (COTS) software would remediate a majority of the findings. New software included logging, monitoring, anti-virus, file integrity, and a unified network manager tool for administration. Replaced several firewalls with new firewalls that incorporated IDS. The new hardware and software upgrade reduced the amount of administrative work, provided better visibility into the enterprise for better SLA management, logging tools to troubleshoot "mystery server" shut-down issues, and dramatically increased the security of the gift card, rebate debit card process. In addition, the new infrastructure enabled the company to prepare for the MasterCard opportunity by having secure VPN concentrators for direct connections to MasterCard in both datacenters.

Business Results: The project was completed in the allotted time frame and budget. As a result, a PCI assessment was completed that made the company PCI compliant. The PCI attestation was provided to MasterCard that garnered new revenue opportunities that required the company to hire additional staff as a result of new business.

Privacy Statement

Read our Business Cases with how we have helped customers

Case #1: Turning an $8M PCI project into $2M

Case #2: Past Mergers & Acquisitions prevented PCI compliance

Case #3: Email link installed malware to hijack bank account credentials

Case #4: Global ecommerce company cannot upgrade credit card database

Case #5: Re-architecting an enterprise to avoid a $30M PCI project

Case #6: 3,000 source code vulnerabilities and PCI compliance in 30 days

Case #7: Entertainment company loses credit cards over wireless

Case #8: Critical business opportunity with MasterCard and gift cards

Case #9: $55M Airline data center migration with PCI

Case #10: Making money with PCI packaged solutions