Major Oil Company Chooses Tokenization to Achieve PCI Compliance
This oil company is one of the largest in the world and ranks among the top 10 companies in the Fortune Global 500. In the United States, they run a vast POS network on mission-critical systems that include nearly 14,000 gas stations. At peak levels, this system processes 225 transactions per second. They also run a customer rewards program that requires the scanning and authorization of customer cards. The rewards program keeps track of every time a customer uses one of their gas stations, which over time has generated a large volume of data.
What were the key challenges?
PCI compliance without compensating controls
The main goal was to tokenize cardholder data throughout the payments network in accordance with PCI requirements. Up until this point, the company had been relying on compensating controls, which were becoming costly and impractical.
PCI Requirement 3.4 stipulates that payment account numbers (PANs) must be rendered unreadable anywhere they are stored and, according to Requirement 4.1, cardholder data must also be protected when transmitted. This means the data has to be protected while in motion and at rest.
Maintain service levels on high-volume network
An additional challenge was that the system had to stay online throughout implementation, with no impact on service levels. At peak service levels the system handles up to 225 transactions per second and up to 100 million USD in a single day. In an average month, the system manages approximately 2-4 billion dollars’ worth of transactions. Any interruption of service would be extremely costly.
Deploy in a highly complex environment
The company uses a combination of ACI’s BASE24 Classic and BASE24-eps on its mission-critical systems. Implementation on BASE24 Classic was especially complicated in this situation, as the company had extensively modified its BASE24 Classic configuration to accommodate its specific business needs. In addition, the servers run in active/active mode, so traffic is constantly balanced across both systems and moves freely back and forth between them. This meant deployment had to be done in a running, truly NonStop production environment.
The full case study describes how this HPE NonStop user successfully mastered these challenges.