Discover’s Pulse network chooses comforte AG for PCI compliance
Download- Robust security with zero latency
- Best-in-market solution for protecting PANs in accordance with PCI compliance
- Seamless integration and intuitive configuration allowed for rapid deployment and adoption
PULSE, a Discover Company, operates an electronic funds transfer network, providing more than 3,300 financial institutions issuing debit cards on the PULSE network with access to approximately 1.8 million ATMs domestically and internationally, as well as merchant acceptance throughout the U.S. for debit transactions. PULSE network transaction dollar volume in 2021 was $247.9 billion.
The threats to sensitive data are constantly evolving and therefore financial institutions have to continually adapt their data security strategy to mitigate risks.
New PCI Audit Requirements with Short Delivery Schedule
The project began in response to new PCI DSS audit requirements.. As a debit network, PULSE is required to tokenize primary account numbers (PANs). As soon as the new requirements were identified, PULSE worked to find a solution that would help them comply.
Owing to the short delivery schedule, the solution also needed to offer intuitive user capabilities and support so that implementation and adoption could move quickly and smoothly. Therefore, they had to vet potential solutions and vendors carefully before making a decision.
Compatibility with Guardian OS and Connected Platforms
The PULSE environment is complex and involves many different business functions and operations. The debit network consists of HPE NonStop systems running on the Guardian operating system, so the solution to tokenize the PAN data at rest needed to be compatible, as well as extendible across various PULSE platforms including settlement, fraud, and reporting. Protecting this environment requires more than simply tokenizing sensitive data, it must also consider how this tokenized data is handled.
The PULSE teams reviewed multiple proofs of concept to tokenize PAN data. Comforte proved itself as a strong partner, and SecurDPS came out as the winner with its seamless integration and tokenization capabilities.
Tokenization
Comforte’s tokenization technology is accredited by the American National Standards Institute (ANSI) and is part of the ANSI X9 Tokenization standard. By choosing comforte, PULSE has implemented a reputable option for tokenizing data and reduces the risk of exposure of sensitive data.
Furthermore, PULSE is able to demonstrate to customers that it remains committed to secure transaction processing and protecting customer data.
Seamless Integration for Rapid Deployment
SecurDPS is a comprehensive data security platform with seamless integration capabilities. Combined with advanced mechanisms for locating sensitive data in the organization’s data sources and data streams, it operates completely transparently, i.e., “under the hood” of the application. Transparent integration with SecurDPS is currently supported for both Enscribe and SQL which are the most commonly used file/database technologies on HPE NonStop. This, combined with comforte’s experienced professional services group, helped PULSE meet their deployment within their aggressive timelines.
PULSE’s proof of concept with comforte ran for three months and the overall deployment was completed within the same year. The solution provided the capabilities to meet their needs and easily integrated with their existing systems. SecurDPS allows the securing of sensitive data (e.g., PANs) stored in the Enscribe databases on the HPE NonStop and it allows seamless operation in conjunction with their Disaster Recovery software and other data operations.
"Comforte AG has been a valuable partner for our tokenization and encryption needs. Their expertise in this domain has provided us with proven, effective solutions that are compatible with our internal systems and software. We appreciate their partnership, collaboration, and expertise in this area."
– Stephanie Stamos, Director Technology Services at Discover