MTXEPS Locks Down Credit Card Data — from Points of Sale to the Data Centers — with McAfee Integrity Control

MTXEPS is a privately held company that markets electronic payment software solutions. Using three phases to secure customer card data, MTXEPS software suites exceed today’s PCI Data Security Standards (PCI DSS) for enterprise electronic payments.

Comply with PCI DSS and mitigate risk of fraud, tampering, and data breaches
MTXEPS needed a tool that would help it exceed PCI DSS compliance requirements — all the way from point of sale (POS) devices at retail locations to the company’s data centers.

MTXEPS’s goal is to mitigate risk as much as possible, for itself and its customers. For retailers and payment processors, fraud and data breaches are an ongoing concern. Indeed, anyone who processes, stores, or forwards credit card data is under constant threat. According to a 2009 survey conducted by the Association for Financial Professionals, the assault on payments is widespread: over 70 percent of organizations surveyed experienced attempted or actual payments fraud in 2008. The use of electronic payments has also sparked a huge surge in the number and severity of data breaches in the global business environment.

McAfee Integrity Control opens visibility, locks down data, and keeps out malware
“We needed a secure solution that would enable us to track and manage changes across all our devices with a single product, and we wanted to lock down data from the point of sale to the data center,” says Ken Harris, Vice President of MTXEPS. “McAfee Integrity Control provides us with that kind of end-to-end solution.”

A key to a secure environment is gaining visibility into any and all changes happening across its entire IT infrastructure. MTXEPS software is deployed at some 15,000 retail locations across the country, so it is not uncommon for a local “computer expert” to want to change the settings on a point of sale device. But such changes could spell disaster from both a compliance and security perspective.

By ensuring that unauthorized changes can’t be made to POS devices, Integrity Control keeps the MTXEPS IT infrastructure in pristine condition. The McAfee solution also provides real-time visibility into any changes that could compromise security, compliance, and availability, giving MTXEPS complete control over every device in its environment. If an incident does occur, MTXEPS can respond quickly and efficiently, without having to add any extra resources.

Finally, McAfee Integrity Control keeps out viruses and malware, enabling MTXEPS retail customers to quickly and cost-effectively meet PCI requirements — a huge customer benefit. Fear of attack concerns everyone in retail. MTXEPS, like other electronic payment vendors, is well aware of the data breaches that plague its industry. An incident at Heartland Payment Systems, for example, potentially compromised over 100 million cards.

“Clearly, a data breach is our worst nightmare,” says Harris. “With McAfee Integrity Control keeping tabs for us—essentially, it’s a fourth layer of protection for us and our customers — we’re now a lot more confident.”

MTXEPS is committed to making sure a breach doesn’t happen on its watch. That’s why the electronic payment vendor turned to a McAfee solution.

Extending the security connection: from POS to the data center
MTXEPS is implementing McAfee Integrity Control on the data center side to gain the same lockdown and change management controls it achieved with its POS devices. “We can now have one management tool and one view across our entire infrastructure,” notes Harris. “If any unauthorized changes happen to the system, our guys are going to catch them a lot faster and a lot more easily. This is a capability we didn’t have before and a huge benefit.”

"McAfee keeps our IT infrastructure in pristine condition…. It has definitely made us more confident than we were without it."

Ken Harris
Vice President, MTXEPS Inc.

MTXEPS looked at several solutions for its data center, but in the end McAfee Integrity Control was the clear choice. The fact that McAfee was already integrated into MTXEPS’s payment software at the point of sale certainly weighed heavily in the decision.

Another reason was MTXEPS’s partnership with Retalix, a leading provider of software solutions to retailers and distributors worldwide. Retalix is a longstanding McAfee customer, so it made sense for MTXEPS to standardize on the technology too.

“Using a McAfee solution across the board for end-to-end protection was the logical choice,” states Harris. “We’ve had success with the product at the point of sale, so it made sense to reuse that same knowledge in the data center, instead of spending more time and resources managing two completely different products.”

The overall effect is a solution that’s greater than its parts.

Beyond PCI compliance…
MTXEPS has always had a strong security and compliance posture. But what McAfee brings to the table is the ability to go beyond current PCI standards, to ensure the company is prepared for whatever the future might bring.

“The truth is that McAfee is doing a better job in terms of change management control and PCI compliance than anything we had before,” states Harris.

With McAfee, MTXEPS has complete visibility into changes in its environment and complete assurance that no executables will be tampered with. It also has greater confidence than ever before that no unauthorized or malicious code will enter the system. All from a single system.

MTXEPS

Customer profile

A leading provider of enterprise electronic payment solutions

Industry

Electronic Payment SaaS

IT environment

Deployed end–to-end from points of sale (POS) to the company’s data centers

Challenges

Protect payment service from malware, data breaches, and unauthorized system changes

McAfee solution

McAfee Integrity Control

Results

  • Protects MTXEPS against malware attacks, data breaches, and unauthorized system changes
  • Provides real-time system-wide visibility into attempted or actual changes to devices
  • Helps ensure that security exceeds PCI compliance standards