Loyalty Lab implements nCipher encryption for PCI compliance
09 January 2006
Source: Loyalty Lab
Loyalty Lab, the leader in on-demand retail loyalty and customer management in the US, has migrated to nCipher's SecureDB database encryption solution to ensure compliance with new Payment Card Industry (PCI) requirements.
Loyalty Lab uses the SecureDB solution to encrypt all customer information in its databases, assuring retailers and their customers that data is secure.
Loyalty Lab allows retailers to use a customer's credit card information as an identification tool for loyalty programs. While this eliminates the need for issuing loyalty cards, it also requires additional layers of database security. SecureDB enables Loyalty Lab to restrict access to sensitive information through the use of encryption, which is a central requirement of the new PCI standard.
The PCI Data Security Standard was introduced to protect cardholders' credit card account and transaction information. Among the PCI standards are regulations that require encryption of sensitive cardholder data both during transmission and while at rest, for example within a database. Organisations that fail to comply could face fines and restrictions by the credit card associations.
"It's imperative that the variety of retailers and merchants we work with know their customer data is safe and the PCI standards communicate this," says Barak Engel, Loyalty Lab's Chief Security Officer. "nCipher provided us with a simple path to full PCI compliance as the standards evolved; SecureDB was easy to deploy and represented a complete solution in one box."
SecureDB is a database encryption solution that includes a unique policy enforcement engine and database analysis tool designed to streamline deployment. SecureDB's column-level approach minimises the performance impact of encryption at this high-profile point of attack and provides protection that follows the data. Even if the storage infrastructure is breached, or if the storage media is stolen, sensitive information will remain unintelligible and therefore worthless. By establishing a separation of duties between system administrators and security personnel, the risk associated with a single 'super-user' is also minimised. Through its auditing capabilities, SecureDB also provides the visibility into security management tasks and access to the data that the PCI data security standard requires.
"As the penalties for non-compliance with the PCI data security standard are being more strictly enforced, a robust way to keep sensitive data secure is now an imperative, not a nice-to-have," says Jeff Montgomery, product manager for data encryption at nCipher. "SecureDB is a versatile platform that allows companies of all sizes to securely and cost-effectively protect their data and comply with the PCI requirements."