Payment service provider protects the interest of millions credit card holders

Company profile

This payment service provider is one of the largest in the region, servicing institutions including banks, financial organizations and credit card payment processors. It annually processes over US$30 billion for more than 140,000 merchants and handles over 700 million issuer transactions on over 15 million credit cards.

• Annual Revenue: USD 250 million+
• Employees: 2,500

Challenges

CyberArk Protects Data and Transactions for Millions of Credit Card Holders

When the country’s first digital-only bank chose the payment service provider as its technology partner, it was another milestone on the provider’s journey to success. It also was indicative of a trend of financial institutions shifting their operations to a digital environment, and to experience the cybersecurity challenges that this transition inflicts on the financial services industry.

Today, more than 200 financial organizations, 140,000 merchants and over 15 million credit cards rely on the card payment and transaction processing services that the company provides. The resulting need to access highly sensitive systems and data make Identity Security paramount to its digital business.

Securing the software supply chain is mission critical in the world of digital finance. Adopting PAM controls across endpoints, on-premises and cloud resources helps the provider defend its services and therefore its customers from attacks.

Alongside building customer trust, the provider also must comply with financial cybersecurity regulations that are tougher than most other industry sectors. Its Group CISO said, “We service over 200 banks. If someone was able to hack into our environment and, for example, access credit card information—one of the easiest things to sell on the dark web—it would be a major problem. This is why we take security very seriously and we partner with the best vendors in the market to protect our environment.”

Growing Threat Sophistication

The provider has a comprehensive, multi-layered security infrastructure. One of the company’s key defense pillars that attracted the CISO’s attention was the need to ensure that IT staff and developer access to client data and production environments is appropriately protected and monitored.

Although the company already had a privileged access management product in place, its capabilities had become outdated and unable to deliver the required levels of protection. Increasing reliance on digitized banking operations and the growing sophistication of threats demanded a new approach.

“I think we all have to acknowledge that the top bad actors are probably smarter than us,” said the CISO. “So it is our duty to make things as difficult and complex as possible, in order to increase the efforts needed to circumvent our security and therefore decrease the returns for a cybercriminal attempting an attack.”

Solutions

CyberArk is Core to Security

The company has implemented a CyberArk solution comprising CyberArk Privileged Access Manager and CyberArk Endpoint Privilege Manager. The initial phase covers 600 users in three locations. The company also uses PAM to secure access to its cloud infrastructure hosted in Azure, AWS, Google and Oracle Cloud. It has launched operations in a neighboring country and also will be deploying CyberArk there too. “Now, whenever we enter a new market or location, CyberArk is a core part of our IT and security stack,” said the CISO.

Deployment was a joint effort between the company, CyberArk Security Services and a local CyberArk partner, and took approximately four months to complete. Following deployment, the provider asked CyberArk staff to do a review and health check to ensure everything continued to be in line with CyberArk best practices. The CISO said, “We passed the test and the CyberArk team noted that it was one of the best implementations in the region. For me, it was one of the most efficient and seamless implementations I have seen in my career.”

There was little if any downtime during rollout or any adverse comments from the business. The company ran an internal survey three months after deployment on services and support, and received a near 100% positive response.

Results

CyberArk: a Comfort to Customers

CyberArk enables the provider to gain four key cybersecurity benefits; defend against attacks, drive operational efficiency, enable digital transformation, and rigorously satisfy finance industry compliance and auditing regulations. One of the most important aspects of security, especially in financial services, is compliance. Here CyberArk scores extremely well and helps the provider to meet and exceed all the key financial security compliance regulations, including the critical Payment Card Industry Data Security Standard (PCI DSS) that oversees cybersecurity for card payment services. Another standard that CyberArk helps it meet is ISO 27000, SOC 2 Type 2.

“On top of the protection we receive, CyberArk makes demonstrating compliance much easier because we can access the reports we need for audits so quickly.”

Chief Information Security Officer (CISO).

CyberArk delivers several other benefits, such as ensuring that IT and developer access to client production environments is highly secure but also quick and seamless for users. Not only has CyberArk made access faster, but the deployment also has resulted in standardized security control across the provider’s diverse portfolio of applications and platforms. In addition, the business benefits from the CyberArk threat analytics model that provides alerts based on potential indicators of privilege abuse.

“CyberArk is amazing and a key solution for us. We are regularly audited by our clients and when they see the world-class privileged access management solution we have, it gives them a lot of comfort. When customers realize we have CyberArk, they stop asking questions,” concluded the CISO.

Key benefits

• Delivered a highly secure, yet easy-to-use, privileged access management (PAM) solution
• Positioned company to exceed compliance with rigorous financial services industry regulations
• Ensured financial institution customers are secure
• Gained a near 100% positive response from users
• Implemented standardized security controls across entire on-premises and multi-cloud infrastructure (AWS, Google and Oracle Cloud)
• Implement privileged access management controls for over 600 users in just four months