TOKENEX AT WORK
For security purposes, the following scenario is based on several TokenEx clients.
A hotel and resort facility had a problem. A malware infection was uncovered in one of its service partner’s payment systems that could have easily spread to its own network of property management applications, reservation system, and point of sale (POS) at stores and food courts. The uncovered malware was designed to siphon off payment and personal information. The IT Security Manager of the resort knew it was only a matter of time before the malware would spread into IT systems using the same zero-day exploit. Fortunately, it was stopped at the partner’s systems before it could spread and the IT staff patched the known exploit. But what about the next variant of malware? It was only a matter of time before a breach was successful.
Taking this information to the resort’s management team, the Security Manager proposed looking for a layered security solution that would prevent any data loss should the next malware attack be successful. The questions he presented— How long would the period of time be between infection and discovery? How much data would be lost? What would be the true cost of the breach in fines and customer trust? – drove their search for solutions.
Management knew all too well from news headlines the repercussions of data breaches in the hospitality sector. Penalties and fines for lost data are a brutal business expense, but loss of trust from guests who have their personal and payment data stolen are virtually incalculable. The Security Manager was given a green light to investigate the best way to avoid these seemingly unavoidable hacks.
The Security Team at the resort went to work patching all their servers and databases, investing in viral detection software, and training personnel on security measures. All well and good as a first phase. But the team knew there was a huge honeypot of data sitting in their systems, both payment and PII, that could be at risk should any of the preventative measure fail against a new zero-day exploit or undetectable malware infection. The challenge remained, how to get the payment and PII data out of the resort’s IT systems and stored where it could never be stolen, yet be able to continue business operations as usual.
Through research and networking with other IT managers, the team settled on tokenization as the best overall solution to remove the toxic data out of the business systems. More research and interviews with other IT organizations led them to TokenEx, which was the only security vendor that could provide tokenization for both payment and PII data, secure cloud data vaulting, simultaneous access to multiple payment processors, and flexibility to work with third-party payment service providers such as fraud detection.
As TokenEx consulted with the resort, it became clear that the tokenization plan had to encompass the resort’s call center, web portal, on-site card readers, and back office reservation and property management system. At each point of data entry, payment and PII data had to be captured before entering any of the IT systems, encrypted, transmitted to the TokenEx Cloud Security Platform to be tokenized and the original data securely vaulted. Only tokens representing the PCI and PII data are returned to the resort’s business systems to be used as substitutes for guest data in billing and on-site services. As a result, should malware invade the call center, web server, or back office systems, there would be no valuable data to steal, only tokens that are undecipherable by any means to hackers. For each of the systems receiving sensitive data, a combination of TokenEx technologies are deployed.
- The Call center is equipped with point to point encrypted (P2Pe) pin pads that encrypt upon data entry. The encrypted data is sent directly to the TokenEx Cloud Security Platform via the TokenEx API, where it is decrypted, tokenized, vaulted, and in some cases transmitted to the chosen payment gateway for real-time processing. Tokens representing the guest credit card account numbers are returned to the secure servers at the resort to be used for on-site services and checkout. Since the private encryption key for the pin pads is only known to TokenEx, the data is secure from the moment it is entered by the call center agent.
- The resort’s web portal accepts guest reservations, payment information, and personal information during the reservation process. The resort opted to use the TokenEx iFrame Hosted Payment Page solution to move all final sensitive data entry through the portal onto the TokenEx Cloud Security Platform. As guests enter their payment and personal data, they are actually interacting with fields hosted by TokenEx. The process is transparent to the guests, as it appears to be happening on the resort’s web site page. As a result, no sensitive data is captured by the resort’s web server or back end systems. Only tokens are returned to the resort’s business systems for nightly payment batch processing. Personal data can be captured in the iFrame solution as well, keeping it secure and out of the business systems.
- On-site at the resort, such as at the front desk, at restaurants, and the spa, guests typically rely on the payment information submitted through the call center or web portal. If they want to use a different card for points or rewards, the payment card information is swiped or dipped on P2Pe card readers, which transmits the encrypted PANs directly to the processor for authorization and settlement. At the end of the day a reporting file is generated by the processor with all the transaction details. That file, containing PAN data, is first routed through TokenEx where it is tokenized before it ever reaches the resort’s environment. Again, even if the back office server is somehow breached, only tokenized data is exposed.
By securing all sensitive data entry points with encryption, tokenization, and secure data vaulting, the resort eliminates the risk of data theft. Because TokenEx can tokenize all forms of sensitive data, PCI and PII, not only is payment data is safeguarded, but so is personal guest information. Bonus: by removing all payment data from IT systems, the scope and therefore cost of PCI compliance is greatly reduced, thus counterbalancing the costs of the tokenization project.