PayPoint Simplifies PCI DSS Compliance and Overcomes Shortage of Cybersecurity Skills
I worked with Change Tracker in a previous role and had a great experience. In addition to the significant costs savings Change Tracker would bring to the table, the product would also help us to achieve PCI compliance and overcome our shortage in cybersecurity skills since the product effectively automates the routine work of cybersecurity and compliance — eliminating the need for human interaction.
Simon Green, Head of Infrastructure at PayPoint
As an organization that processes billions of dollars’ worth of payments each year, PayPoint recognized — due to a changing threat landscape and regulatory environment — the critical need to protect large volumes of sensitive data and improve their IT environment.
Additionally, PayPoint needed to navigate the cybersecurity skills shortage that presents a challenge for many companies in their industry. PayPoint was required to adhere to PCI DSS compliance, and part of that mandate requires organizations to ensure that various file tracking and monitoring systems are in place.
PayPoint already had a File Integrity Monitoring (FIM) solution; however, as they were going through an IT transformation, they needed to increase their FIM services — and this would have significantly increased their costs.
Simon Green, Head of Infrastructure at PayPoint explained that increasing FIM services with PayPoint’s previous provider was problematic. “Since processing, some of these client transactions are so expensive due to the added security required, we actually earn minimal margins from them,” he said.
Change Tracker is recognizing more change alerts and has given us the confidence that our IT environment is in a secure and compliant state, removing the need for our team to carry out manual checks.
Simon Green, Head of Infrastructure at PayPoint
To address their diverse set of challenges, PayPoint deployed Change Tracker across their organization. Change Tracker made achieving and maintaining continuous PCI compliance straightforward by providing built-in auditing and monitoring reports and templates. With Change Tracker, PayPoint could be confident that any breach of compliance rule would be reported — including file integrity changes, installed programs and updates, security and audit policies, and user account and password policies.
According to Green, Change Tracker made PCI compliance simple for PayPoint. “The ability for non-technical people to understand what’s going on in our IT environment is excellent,” he said.
“NNT have put a lot of work into the product over the years, and they continue to update and improve it time and time again. The flexibility of the licensing model works well for us, too, as we can flex up and down as needed. Signing up to a 5-year deal with NNT was an easy decision.”
Green also said that Change Tracker’s integration with ServiceNow’s ITSM tool enables PayPoint to have a closed-loop environment for change management. This meant that approved and authorized changes issued by ServiceNow could be validated, with a full audit trail of what had been changed and reconciled with the change request. “The ServiceNow integration with our previous FIM tool was weak and not supportive of our IT transformation goals,” Green explained. “I’m pleased to report that we’re in a much better place with our ServiceNow platform tightly integrated with Change Tracker, ensuring the change approval and reconciliation process is followed correctly in our fast-paced, complex IT environment.”
Working with Change Tracker has helped PayPoint achieve a state of continuous PCI compliance, and it has eased the burden of having to conduct manual checks by giving PayPoint the confidence that any unauthorized changes taking place in their IT environment will be identified and treated accordingly. “Before Change Tracker, one of our legacy systems was making changes without authorization,” Green said. “Someone in the business was allowing the changes without going through the change approval process, and our previous FIM product wasn’t reporting any of it.”
- Continuous PCI DSS compliance
- Improved change management controls via integration with ServiceNow ITSM
- Strengthened protection and detection
- Automation of processes
- Delivery of a business-critical level of security
- Peace of mind
Thanks to PayPoint’s network of 60,000 stores and its pioneering retail technology, services, and omni-channel payment solutions, the company makes life easier for millions of customers every day. With $13 billion (USD) of payments processed each year and revenue of $278.5 million (USD) in 2019, PayPoint’s success and sustainable growth are driven by their desire to continuously innovate and create unrivaled customer experiences. PayPoint is listed on the London Stock Exchange and is an integral component of the FTSE 250 Index. In 2017, PayPoint established an internal Cyber Security & Information Technology sub-committee in order to recognize the significance of cybersecurity, the need for increased focus, and the importance of a structured approach to continuously improving their cybersecurity and compliance posture.
Industry: Financial Services