News

Trisept Solutions Ensures PCI DSS Compliance with comForte Database Encryption Solutions

May, 2012

As a leading technology provider for the leisure travel industry, Trisept Solutions is responsible for processing over $2 billion in annual sales for its clients. Consequently, securing credit card data and ensuring compliance with the Payment Card Industry Data Security Standard (PCI DSS) are critical mandates for the business. To meet this objective, Trisept Solutions uses SecurLib/DataEncryption from comForte.

The Challenge

Trisept Solutions delivers innovative products and services to the leisure travel industry, with clients that include major airlines and nationally recognized hoteliers, tour operators, theme parks, travel marketers, and travel agents. Among its many offerings, the company delivers dynamic packaging technology that enables agents and travelers to compare pricing and purchase the goods and services they need for an upcoming trip—including airline tickets, hotel rooms, rental cars, insurance, attraction tickets, and more—all in one transaction.

Given the broad and frequent usage of its solutions, millions of customers entrust their credit card numbers to Trisept Solutions, and this is a responsibility the team at Trisept Solutions takes very seriously. Historically, the organization had an internally developed application running on the HP NonStop platform that stored sensitive data, including payment information, in an unencrypted format. The company was able to apply what are known as compensating controls, placing security mechanisms around this repository to safeguard and monitor access to sensitive assets. However, it became clear, from both a security and a compliance standpoint, that the company would ultimately need to begin employing encryption to secure the sensitive records managed by this application. This was an increasingly critical requirement, particularly in order to comply with requirement 3.4 of PCI DSS, which governs the protection of stored cardholder data.

For Trisept Solutions, employing encryption in its HP NonStop-based environment presented some significant challenges:

  • First, by converting credit card numbers to encrypted values, the length of these values would expand substantially, which could present implications for both the database and the associated application.
  • Second, given the processing-intensive nature of encryption, the IT team needed to ensure that the introduction of encryption didn’t significantly reduce application response times.
  • Third, the company would need sophisticated, efficient capabilities for managing all the cryptographic keys that were part of the encryption deployment.


The Solution

To overcome the challenges of implementing database encryption in its HP NonStop environment, the IT team at Trisept Solutions opted to work with SecurLib/DataEncryption from comForte. With SecurLib/DataEncryption, Trisept Solutions was able to implement encryption in HP NonStop platforms while ensuring there are no compromises in availability or performance.

Trisept Solutions used SecurLib/DataEncryption to encrypt primary account numbers (PANs) in the company’s database. When encryption is employed, the field size required to store information can expand substantially. For example, when encrypting a 16-digit credit card number, the resulting encrypted value is larger than the original value. To address this change, the team at Trisept Solutions stored encrypted PANs in a separate database and kept a tokenized value of the PAN, with the same number of digits as the original PAN, in the original database. Because the application had a single, centralized interface to the database, application changes only needed to be made in one module.
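The split described above (a same-length token in the original database, the expanded ciphertext in a separate store) can be sketched as follows. This is an added example, not comForte's or Trisept's code: `TokenVault`, `seal` and `unseal` are hypothetical names, the keys are generated locally for the demo, and the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for a vetted cipher such as AES.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted cipher such as AES.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(enc_key, mac_key, pan):
    """Encrypt-then-MAC: returns nonce (16) + ciphertext + tag (32)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pan.encode(), _keystream(enc_key, nonce, len(pan))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("vault record failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """Hypothetical vault: the 'separate database' holding encrypted PANs."""
    def __init__(self):
        # Constructed locally for the demo; the page's keys come from a key manager.
        self.enc_key, self.mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
        self.records = {}  # token -> sealed PAN

    def tokenize(self, pan):
        while True:
            token = "".join(secrets.choice("0123456789") for _ in pan)
            # Added design choice: reject Luhn-valid tokens so none looks like a real card.
            if token not in self.records and not luhn_ok(token):
                break
        self.records[token] = seal(self.enc_key, self.mac_key, pan)
        return token  # same length as the PAN, fits the original column

    def detokenize(self, token):
        return unseal(self.enc_key, self.mac_key, self.records[token])
```

With this construction a 16-digit PAN seals to a 64-byte vault record, while the token stored in the original table remains 16 digits.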

Through its integration with nuBridges Protect Key Manager, one of the leading providers of Enterprise Encryption Products, SecurLib/DataEncryption helps support efficient key management for the organization. The nuBridges solution can generate all cryptographic keys, which are then saved as a key store on the NonStop platform.

Finally, SecurLib/DataEncryption delivers the performance and scalability that ensures encryption doesn’t have a negative impact on application performance or the end user experience.

The Benefits

With SecurLib/DataEncryption, Trisept Solutions has realized a range of benefits:

  • Strengthened security. By employing encryption, Trisept Solutions can ensure that the sensitive assets held in its database are protected, both from physical theft and from unauthorized access—for example, a malicious insider trying to use a TACL prompt to access the database and extract sensitive data.
  • Continued compliance. Encryption was going to be a critical requirement for Trisept Solutions as it sought to pass upcoming PCI audits. Trisept Solutions has never failed a PCI audit, and, with SecurLib/DataEncryption, the organization can effectively address the encryption requirements of PCI DSS, and specifically requirement 3.4, without the need for compensating controls.
  • Integration with Enterprise key management engine. Should the need arise to decrypt or encrypt data on other platforms, the nuBridges engine is available on many other platforms as well.


About Trisept Solutions

Trisept Solutions provides leading-edge leisure travel industry technology services, featuring inventory management, a full spectrum of electronic distribution products, and other IT solutions. Trisept Solutions processes more than 300 million e-commerce transactions annually and facilitates the sale of more than three million vacation package reservations for its clients. Its team is comprised of more than 200 innovative professionals at its Milwaukee headquarters. For more information about Trisept Solutions, visit www.triseptsolutions.com.