PayPoint simplifies PCI DSS compliance and overcomes shortage of cybersecurity skills
Challenge
- Protect large volumes of sensitive payment data
As an organization processing billions of dollars in payments each year, PayPoint needed stronger safeguards to protect sensitive data. A shifting threat landscape and evolving regulatory requirements made it essential to improve visibility and tighten security across their IT environment. - Address the cybersecurity skills shortage
Like many organizations in the payments industry, PayPoint faced a shortage of skilled cybersecurity professionals. Despite this, they were still required to meet PCI DSS mandates, including maintaining robust file tracking and monitoring systems — tasks that traditionally require significant expertise and resources. - Meet PCI DSS requirements for file monitoring and integrity controls
To maintain PCI DSS compliance, PayPoint needed reliable monitoring and file integrity controls. Their existing tools were not providing the level of coverage required, making compliance more difficult and time-consuming. - Avoid rising costs tied to expanding FIM requirements
Although PayPoint already had a File Integrity Monitoring (FIM) solution in place, their IT transformation required expanding FIM services. Increasing coverage through their current provider would have significantly raised costs. As Simon Green, Head of Infrastructure, noted, scaling their existing solution was becoming increasingly challenging and unsustainable.
Since processing, some of these client transactions are so expensive due to the added security required, we actually earn minimal margins from them.
Simon Green, Head of Infrastructure at PayPoint
Netwrix solution
To address their diverse set of challenges, PayPoint deployed Change Tracker across their organization.
I worked with Change Tracker in a previous role and had a great experience. In addition to the significant costs savings Change Tracker would bring to the table, the product would also help us to achieve PCI compliance and overcome our shortage in cybersecurity skills since the product effectively automates the routine work of cybersecurity and compliance — eliminating the need for human interaction.
Simon Green, Head of Infrastructure at PayPoint
- Simplified and continuous PCI DSS compliance. By deploying Change Tracker across the organization, PayPoint gained built-in auditing, monitoring reports and compliance templates that made achieving and maintaining PCI DSS requirements far more straightforward. The solution automatically reported any compliance violations — including file integrity changes, installed programs, security policies and password policy issues — eliminating guesswork and reducing manual effort.
The ability for non-technical people to understand what’s going on in our IT environment is excellent.
Simon Green, Head of Infrastructure at PayPoint
- Flexible licensing that scales with business needs. Change Tracker’s adaptable licensing model enabled PayPoint to scale usage up or down based on operational needs, avoiding the cost spikes they faced with their previous FIM provider. The long-term value and continuous product improvements made the investment clear.
Netwrix have put a lot of work into the product over the years, and they continue to update and improve it time and time again. The flexibility of the licensing model works well for us, too, as we can flex up and down as needed. Signing up to a 5-year deal with Netwrix was an easy decision.
Simon Green, Head of Infrastructure at PayPoint
- Strong integration with ServiceNow for closed-loop change control. Change Tracker integrated seamlessly with ServiceNow, enabling PayPoint to validate approved changes and maintain a complete audit trail for reconciliation. This closed-loop environment ensured change approval processes were consistently followed — something they could not achieve with their previous tool.
The ServiceNow integration with our previous FIM tool was weak and not supportive of our IT transformation goals. I’m pleased to report that we’re in a much better place with our ServiceNow platform tightly integrated with Change Tracker, ensuring the change approval and reconciliation process is followed correctly in our fast-paced, complex IT environment.
Simon Green, Head of Infrastructure at PayPoint
- Improved security posture through reliable detection of unauthorized changes. With Change Tracker, PayPoint no longer needed to rely on manual checks or incomplete alerts. The solution reliably identified unauthorized activity and provided visibility they lacked before.
“Before Change Tracker, one of our legacy systems was making changes without authorization,” Green said. Someone in the business was allowing the changes without going through the change approval process, and our previous FIM product wasn’t reporting any of it.
Simon Green, Head of Infrastructure at PayPoint
Change Tracker is recognizing more change alerts and has given us the confidence that our IT environment is in a secure and compliant state, removing the need for our team to carry out manual checks.
Simon Green, Head of Infrastructure at PayPoint
Key benefits
- Continuous PCI DSS compliance
- Improved change management controls via integration with ServiceNow ITSM
- Strengthened protection and detection
- Automation of processes
- Delivery of a business-critical level of security
- Peace of mind
Thanks to PayPoint’s network of 60,000 stores and its pioneering retail technology, services, and omni-channel payment solutions, the company makes life easier for millions of customers every day. With $13 billion (USD) of payments processed each year and revenue of $278.5 million (USD) in 2019, PayPoint’s success and sustainable growth are driven by their desire to continuously innovate and create unrivaled customer experiences. PayPoint is listed on the London Stock Exchange and is an integral component of the FTSE 250 Index. In 2017, PayPoint established an internal Cyber Security & Information Technology sub-committee in order to recognize the significance of cybersecurity, the need for increased focus, and the importance of a structured approach to continuously improving their cybersecurity and compliance posture.
Netwrix Applications
Share on
