You are currently on IBM Systems Media’s archival website. Click here to view our new website.

IBM i > CASE STUDIES > RETAIL

Shear Protection

Regis Corporation cuts credit-card exposure risks with nuBridges Protect


IT Security Officer Bernie Rominski says adopting the PCI DSS model helps Regis Corporation safeguard customer data.

Confidence in the Company

Although Regis doesn’t use public networks to communicate with its stores, which reduces the possibility of in-transit credit-card information loss, it felt it should, as of 2004, begin taking steps to comply with PCI DSS encryption requirements. The company was also using a network-access solution that let the IT department, working with various business units, establish who could access credit-card data. “We restricted user access to this information based on need to know,” Rominski says. “So maybe only customer service or loss prevention would have access to the data, as part of their day-to-day business requirements.”

Even with secure store-to-headquarters connections and the built-in security of the System i platform, Regis felt that it would be best to encrypt that credit-card data from POS origin to System i storage and off-site backups. This became especially critical as the company began contemplating using public networks for data transfers—although it hasn’t done so yet. Regis simply couldn’t accept the potential for any type of personal-information exposure, not just because of PCI DSS, but also because the company thought it was the right thing to do.

But thinking about the right thing to do and actually tackling it are two different issues. Companies can’t simply develop an in-house encryption solution and deploy it, as they do with many homegrown applications. Rather, they must weigh and test vendor-supplied encryption solutions to find what fits best into a company’s business processes with the least disruption.

For Regis, that meant finding an encryption package that would work in a cross-platform IBM i and Windows* environment, since its POS system is based on Windows technology. Any encryption solution would have to take both platforms into account but run directly on IBM i, with the platform acting as the core encryption-management system.

“We probably have hundreds of years of collective development experience on the System i platform. The same isn’t true of Windows. In fact, when I came here in 2000, I think we had five Windows servers. Now, we have around 450 Windows and Linux* servers, but the i is simply a more trustworthy platform,” Rominski says.

The company quickly zeroed in on nuBridges Protect, but it wasn’t an immediate sale. Regis had multiple conversations with nuBridges’ sales staff and engineering team. “They made sure we understood what the product could do,” Rominski says. “This presales process really boosted our confidence in the company.”

Regis decided to give nuBridges Protect a run around the block. For two months, Regis looked at the solution from nearly every angle—first poring over documentation and engaging in online demonstrations, then taking possession of an evaluation version of the tool—and then purchased it.

Jim Utsler, IBM Systems Magazine senior writer, has been covering the technology field for more than a decade. Jim can be reached at jjutsler@provide.net.



Advertisement

Advertisement

2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

A Reason to Celebrate

Phantom Fireworks teams IBM System i hardware with a BI solution and ERP software to launch reports.

A Valuable Resource

Motta Internacional uses ACOM products to decrease paper use and save trees

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
IBMi News Sign Up Today! Past News Letters