Debenhams selects nuBridges Format Preserving Tokenisation
nuBridges announced that Debenhams, one of the UK's largest retailers, has selected nuBridges Protect to secure customer credit card numbers and comply with the Payment Card Industry Data Security Standard (PCI DSS), without expanding its IT infrastructure.
Debenhams is leveraging nuBridges' award-winning nuBridges Protect data security solution to handle the encryption and tokenisation of credit card information collected at its 159 stores located throughout the UK and Ireland, as well as its online store. nuBridges Format Preserving Tokenisation data security solution enabled Debenhams to implement tokenisation across its heterogeneous IT infrastructure throughout its retail, order management and data warehouse systems, without costly programming modifications to applications and databases or requiring additional computing resources to hold encrypted cardholder information.
“nuBridges Protect fit our requirements for an all-encompassing single solution for encryption, tokenisation and key management to manage our existing heterogeneous infrastructure that includes a blend of legacy systems and newer technology,” said Aqil Nasser, Debenhams' Technical Architecture Controller. “Because of its ability to run on all of our systems non-intrusively, we were able to meet all of the PCI DSS encryption requirements and avoid cost and people effort for additional programming and hardware costs that would have been required to run the other solutions we evaluated.”
Debenhams accepts many major credit cards and as a result of PCI compliance is now encrypting these at source and then transferring the encrypted data to the Data Centre to be tokenised. Tokenised credit card numbers expose only the first four digits of the card numbers, which limits the incidences where the full card number appears to authorised employees, solving a key data security issue. Because nuBridges tokens retain the size of the original credit card number, applications and business processes run without modification while adding an extra layer of security to cardholder information.
“nuBridges Protect is so robust and simple to implement that all we had to do was improve our controls,” said Nasser. “We avoided having to add staff to ensure PCI compliance, because the software does the work for us.”
Before selecting nuBridges Protect, Nasser tapped technology industry analyst firm Gartner to narrow the solutions for evaluation. Only a few vendors could perform tokenisation on the IBM i platform (also known as IBM AS/400 or System i), a chief requirement for Debenhams. nuBridges emerged the market leader and was invited to conduct a proof-of-concept in which it successfully demonstrated that nuBridges Protect could run tokenisation on Debenhams' data set in any system or database while enabling authorised employees to decrypt the data whenever necessary.
“At the point of selection, nuBridges was the only vendor we evaluated that could provide tokenisation out-of-the-box effectively,” said Nasser. “Just as important, the nuBridges advisors understood the challenges of our retail environment, and came up with clever ideas for our unique situation. They worked closely with our security and technical teams to implement a solid data security solution that won the approval of our board and has made the PCI compliance process much easier and less expensive than we had originally anticipated.”