Follett Higher Education Group Selects Thales HSMs to Assist with PCI DSS Compliance
New Encryption and Key Management Approach Automates Manual Processes
Follett Higher Education Group sells more than 23 million textbooks annually in stores and online, and operates more than 700 campus bookstores for colleges and universities across the United States. For every transaction the company protects its customers' personal data from breaches, complying with PCI DSS. Prior to selecting the Thales solution Follett security administrators manually replaced or rotated old encryption keys by hand in order to fulfill one of the PCI DSS requirements.
By installing Thales hardware security modules (HSMs) from the nCipher product line, Follett has substituted time consuming and unreliable manual processes with an automated key management, storage and generation process. Thales HSMs are deployed on a server and safely distribute encryption keys to Follett's e-commerce and point of sale systems. As a result Follett can rotate encryption keys in a fraction of the time compared with the manual process. Thales HSMs also store the encryption keys in hardware, a best practice for protecting encryption keys.
"With Thales HSMs, we can easily protect, manage, and rotate encryption keys, enabling PCI DSS compliance without the need for expensive manual controls," said Irwin Gafen, Follett's director of wholesale and distribution systems. "Our keys are safe from internal and external tampering, safeguarding our encrypted data against theft or manipulation. Our customers' personal data is protected and we are protected from the potentially high costs of compromised data."
After evaluating a number of competitive solutions on the market, Follett selected Thales HSMs based on the solution's flexibility and ease-of-use. Follett also capitalized on Thales's professional services team, which reviewed the company's security procedures, policies, and systems. The team then developed an implementation plan that fully supported Follett's needs and continued PCI DSS compliance.
"The increasingly high standards of regulation and industry best practices require organizations to better protect sensitive data such as customer details and credit card account information, and encryption has emerged as the preferred method for achieving this", says Serge Dujardin, Vice President Sales for the information systems security activities of Thales. "The Thales nCipher product line delivers a versatile platform that allows companies of all sizes to securely and cost-effectively protect their data and comply with PCI DSS requirements. We are delighted that Follett have chosen Thales HSMs to protect their sensitive customer data."
About Follett Higher Education Group (www.fheg.follett.com)
Follett Higher Education Group of Oak Brook, Illinois, is the leading provider of bookstore services and the foremost supplier of used books in North America. Follett services five million students and over 400,000 faculty members through more than 700 stores. Follett also services more than 1,600 independent campus stores with its wholesale services, and has the most visited ecommerce collegiate website, efollett.com, that provides services and products through a network of more than 900 campus stores.
Thales Deutschland GmbH
Thales is a global technology leader for the Aerospace, Space, Defence, Security and Transportation markets. In 2008, the company generated revenues of 12.7 billion euros with 68,000 employees in 50 countries. With its 25,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers as local partners. www.thalesgroup.com