MRC Global is the largest distributor of pipe, valve and fitting products, and services to the energy and industrial markets worldwide. A true international organization, it operates in over 44 countries. To supply the needs of these demanding hardware-intensive customers, MRC Global operates as both an e-commerce and storefront retailer, with corresponding warehousing centers and distribution networks. It manages multiple acceptance channels with diverse payment processors, navigating complex international regulations, supported by a mix of ERP software systems.
“The TokenEx Cloud Security Platform already had all the features we needed to integrate with our various systems,” says Max Grannan, MRC Global Senior IS Director of Security and Compliance. “We had some changes to make on our end, and the TokenEx Project Manager was there every step of the way to answer our detailed questions.” The project continued gaining momentum with the TokenEx Project Manager working hand in hand with the MRC Global IT team to resolve any issues during the integration.
The first phase of a tokenization project is to collect all the existing payment card data (PCI) and Personally Identifiable Information (PII) stored in the databases and tokenize it. The sensitive data is stored in the TokenEx Cloud Data Vaults, and only the corresponding tokens are returned to the MRC Global databases. Because a large number of payment account numbers, bank accounts, and customer data had accumulated over decades of business, TokenEx also assisted in standardizing the format of the data according to best practices and cleaning up old, useless data. This first phase immediately eliminates the risk involved in storing sensitive data. Should a data breach occur in the MRC Global systems, there is no valuable data to steal.
In phase two of MRC Global’s tokenization implementation, the payment streams were integrated with the TokenEx Web Services API, so that as payment data is entered at any acceptance point, it is intercepted, encrypted, and sent to TokenEx for tokenizing, and the tokens are returned to the MRC Global financial systems for processing. This critical integration ensures that payment data never enters the IT systems, keeping them out of the scope of PCI compliance. This is a significant cost saving, especially for an international company with MRC Global’s number of transactions. In most cases, the savings in PCI compliance—which includes auditing, testing, and upgrading both hardware and software systems to stay in compliance—pay for the tokenization services. Beyond the savings in compliance, the cost of fines resulting from stolen payment data, estimated to be $200 per PAN, is eliminated, along with legal fees, damage to customer relations, and lost business.
“Considering the global scope of our business, the number of payment acceptance channels we have, and the number of systems that process payment information, it was impressive how quickly the complete implementation went,” reflects Grannan. “All the sensitive data was out of our systems, tokenized, vaulted, and payment streams being processed by TokenEx in just eight weeks.”