Secure standards to maintain credit card sales
Scandinavian Airlines needed to secure standards to keep its credit card sales in operation. This situation, combined with the fact that it was running many ageing legacy systems, made the traditional “fixing the gaps” approach to security standards (PCI DSS) a “mission impossible”.
Providing a strategy for forward planning and implementation
Cybercom supported SAS in developing and implementing a strategy focused on a drastic reduction of the card-handling environment. This included techniques such as masking/truncation, tokenization and migration to compliant third-party services. Servers and clients were analyzed and cleaned using Data Loss Prevention (DLP) techniques. As an added bonus, the customer achieved a number of general IT security improvements.
The analysis phase defined a very large Cardholder Data Environment (CDE), because card data was used in many situations other than dedicated payment transactions. Magnus Clarving, SAS IT Security Director, explains, “As Cybercom suggested a strict risk-based approach for the whole project, we quickly focused on doing the right things first. This was an approach that was also appreciated by our acquiring banks”.