Protecting Your Customers’ Valuable Data – When It Matters Most

June 12, 2024

Safeguarding Sensitive Data: How Broadcom's Swift Response Helped a Major Bank Achieve PCI DSS 4.0 Compliance and Avert a Crisis

Picture this: you're browsing your bank statement and suddenly notice a series of unfamiliar transactions. Your heart sinks as you realize your credit card information has been compromised. It's a scenario that no one wants to experience, but it happens all too often. It’s happened to me!

What do you think are the most valuable sequences of digits in the world today? 

That's right, credit card and debit card numbers. In the wrong hands, these numbers can be used to make fraudulent purchases and drain money from user accounts. It's no wonder that banks and credit card issuers have a vested interest in keeping these numbers secure as they move through the economic ecosystem. After all, these institutions are accountable for refunding customers when fraud occurs.

The million-dollar question: How do we ensure that credit card transactions are as secure as possible? 

The answer lives within the Payment Card Industry Data Security Standard, or PCI DSS. This comprehensive security standard was developed by the Payment Card Industry Security Standards Council, a group created by major players in the credit card industry. PCI DSS sets forth a series of requirements designed to protect sensitive cardholder data and reduce the risk of fraud.

While PCI DSS is not a law per se, compliance is essentially mandatory for any business that wants to accept credit card payments. Failure to comply can result in substantial fines and the immense costs associated with data breaches. The standard is regularly updated to keep pace with evolving security technologies and the ever-changing tactics employed by hackers.

The latest version of the Payment Card Industry Data Security Standard, PCI DSS 4.0, emphasizes the importance of encryption in protecting stored credit card data. This requirement has become a critical concern for organizations handling sensitive cardholder information, and it is being mandated by March of 2025.

Broadcom to the Rescue: A Swift and Innovative Solution

In a race against time, a major bank, a valued Broadcom Mainframe customer, found itself in a precarious situation when an audit uncovered a critical vulnerability in its credit card data storage. The reports managed by Broadcom's View product were only compressed, not encrypted, leaving the bank at imminent risk of non-compliance with the stringent PCI DSS 4.0 mandate. With the effective date of March 2025 looming, the bank proactively set an ambitious internal deadline of October 2024 to get ahead of the curve and ensure compliance well before the official mandate. This self-imposed target date meant the bank faced a daunting task: compressing and encrypting all PCI reports across a staggering 56,000 production tapes in a limited timeframe.

Recognizing the gravity of the situation and the potential consequences of non-compliance, Broadcom sprang into action, mobilizing its resources and expertise to develop a swift and effective solution. Time was of the essence, and failure was not an option. Broadcom's team worked tirelessly, collaborating closely with the bank to understand their unique requirements and constraints.

In an unprecedented display of agility and dedication, Broadcom delivered a fully tested and robust solution within a mere month. The solution seamlessly integrated View with CA 1™ Flexible Storage™, creating a powerful combination that empowered the bank to both compress and encrypt reports stored in View.

This groundbreaking solution not only provided a streamlined path to compliance but also significantly enhanced the security of sensitive cardholder data, ensuring that the bank met the stringent encryption requirements of PCI DSS 4.0. The impact of Broadcom's swift response and innovative solution cannot be overstated.

"Broadcom's rapid response and innovative solution were a lifeline for our bank. Faced with a critical vulnerability and an imminent compliance deadline, Broadcom delivered a comprehensive, fully tested solution in record time. Their integration of View with CA 1™ Flexible Storage™ empowered us to compress and encrypt our reports containing PCI, ensuring compliance and enhancing data security. Broadcom's dedication and expertise saved us immense time and money, and their swift action was truly a lifesaving effort for our bank."
Senior Executive, Major Bank

Broadcom's proactive approach and ability to deliver a game-changing solution in record time exemplify their unwavering commitment to their customers' success. The bank can now rest assured that their credit card data is not only compliant but also fortified against potential breaches, safeguarding their reputation and the trust of their customers.

Take Action Now

If your organization uses Broadcom's View solution to manage reports containing credit/debit card data, you must understand and comply with the PCI DSS 4.0 standards, guaranteeing that sensitive information is adequately encrypted. If you uncover View reports with credit card data that are not encrypted, Broadcom offers a combined solution using View and CA 1 Flexible Storage. This integration enables you to achieve compliance, safeguard sensitive data, and meet even the most stringent deadlines, ensuring the security of your customers' information and protecting your organization from potential breaches and non-compliance penalties.

Learn more about Broadcom’s View solution.

Learn more about CA 1 Flexible Storage.