Field-level Encryption Helps Retail Chain Achieve PCI Compliance

Image

Love’s Travel Stops and Country Stores, a retail travel stop chain with over 210 locations in 34 U.S. states, processes approximately 200,000 credit card transactions on a daily basis. Needing to meet PCI standards, Love’s found in Powertech Encryption for IBM i a product to encrypt credit card numbers in a way that would satisfy PCI compliance auditors.

“We need to be able to access credit card numbers to settle disputes, so if someone disputes a charge or has some other issue, they can contact us, and we’ve got the information we need to take care of it. At the same time, we have to make sure the information is secure. So when the data comes in, it’s placed on a server that‘s segregated from the network, and we’ve set up [Powertech Encryption for IBM i] with triggers such that when we add the records to the history file, the credit card numbers are automatically encrypted,” says Tommy Sellers, Programming Manager for Love’s.

[Powertech Encryption for IBM i] is well designed. There are not a lot of software products that impress me, but I have to say that I really like the way [Powertech Encryption for IBM i] works. It was easy to implement and allowed us to meet all the requirements for securing our data to get PCI compliant.

Tommy Sellers, Love's Travel Stops and Country Stores

Creating a Seamless Process

Text

Due to the large volume of transactions handled by Love’s, Sellers wanted a seamless process for the encryption and decryption of sensitive information.

“We’ve written our own program wrappers to handle the encryption and decryption of the fields, using the APIs provided by [HelpSystems], so the other programmers here don’t have to be familiar with the product if they need to write an application that does decryption—they can just use one of the program wrappers we’ve written and that takes the complexity out of it,” says Sellers. “We’ve got everything set up so it runs automatically. We just forget about it because it’s not something we have to deal with on a daily basis.”

Exceeding Expectations

Text

Love’s relied upon the support and documentation provided by [HelpSystems] to set up the processes and configure Powertech Encryption for IBM i to meet their specific needs. Says Sellers, “One of the main things we liked was that all the examples in the documentation dealt with precisely our situation, which is encrypting fields that contain credit card numbers. So it was very easy to apply that to our business. Also, the people are very good. When we talk with them, we feel like they understand the software and the problem we’re having, and they know how to fix it.”

“Our experiences with [HelpSystems] products have been pretty positive. Right now, we’re working with another one that involves PGP encryption (GoAnywhere). As we transfer sensitive information across the internet, we’re having to deal with security and encryption more and more, and these products are good, the documentation is very good, and they work,” says Sellers.

As for Powertech Encryption for IBM i? “[It] has been doing its job quietly for a while now. The software is well-designed. There are not a lot of software products that impress me, but I have to say that I really like the way [Powertech Encryption for IBM i] works. It was easy to implement and allowed us to meet all the requirements for securing our data to become PCI compliant,” concludes Sellers.

Get Started

Find out how strong encryption, tokenization, integrated key management and auditing can help protect your sensitive IBM i data and meet compliance regulations. Request a free demo of Powertech Encryption for IBM i today.

REQUEST MY DEMO