Prepaid Payment Card Company Trusts Forcepoint to Safeguard Customer Data in Ultra-Competitive Market

Challenges

• Provide best-in-class web, data, and cloud security for a global IT operation.
• Build a centrally managed, unified, platform-based security solution.
• Cut back on false positives generated by previous DLP solution.
• 'Future proof’ companywide security for changing business needs and compliance requirements.

Approach

• Deploy Forcepoint Web Security, DLP, and CASB on a unified platform protecting 4,000 global employees.

Results

• Centralized control over a unified, integrated security framework protecting against external and internal threats.
• Reduced false positives generated by previous DLP solution.
• Company prepared to more easily adapt to changing security needs, such as updates to PCI DSS rules.
   

Prepaid payment methods that aren’t connected to a bank account are popular with students, travelers, and other consumers. It’s no wonder— prepaid cards and money transfer accounts can remove the hassle of credit checks, make budgeting simpler, and limit the damage if a card or account is compromised. People using prepaid payment methods expect their cards and accounts to “just work.” When something goes wrong for a customer, switching to a different card or account provider is a lot easier than changing banks or credit card companies. It can be as simple as buying a new card at a shop or setting up a new money transfer account online.

In such a competitive marketplace, it’s crucial for prepaid payment providers to ensure that their own operations run securely and smoothly, 24-7, while adhering to government data protection regulations and industry standards like the Payment Card Industry Data Security Standard (PCI DSS).

The global prepaid payment industry is projected to triple in size over the next four years to reach more than $4 trillion in overall market value by 2023. This UK-based prepaid card company, which manages about $50 billion for customers around the world, competes with other prepaid payment specialists in the market as well as with traditional banks offering prepaid payment products. The company’s products include its prepaid payment cards, digital wallets, online payment and money transfer accounts, and a “buy now, pay later” ecommerce payment service. As a financial services company with an international presence, it must maintain the highest standards of data security to safeguard its customers’ personal and financial data.

Moving operations to the cloud requires a new security solution

The company recently transferred a large chunk of its back-office operations from Canada to Bulgaria. The move prompted the company to reassess whether its existing cybersecurity framework was still the right approach for this new arrangement. The company had already migrated to Office 365 and was in the process of shifting to even more cloudbased applications for things like CRM. Moving about a quarter of its support staff to Bulgaria accelerated the transition to the cloud and the company’s cybersecurity team wanted to do that as securely as possible.

The CISO also wanted to take this opportunity to “harmonize the security stack” and “future proof” this new security platform for at least five years. As part of that effort, he decided to move away from a different cybersecurity company’s on-premise Data Loss Prevention (DLP) product which was difficult to manage remotely and generated too many false positives. The CISO wanted a cloud-based DLP solution that could be managed centrally instead.

A unified approach to cloud, data, and web security

Happy with the results of a Forcepoint Proof of Concept, the company decided to build an integrated security platform comprising Forcepoint Web Security, Forcepoint DLP, and Forcepoint Cloud Access Security Broker (CASB). This new security solution was deployed companywide for 4,000-plus employees around the globe.

This approach was designed to deliver best-in-class solutions for the three key areas of concern: Data loss via exfiltration, cloud security, and external threats:

• Forcepoint DLP offers protection against data loss caused by an organization’s own users and systems, identifying risky users and network-connected devices while still fully empowering employees to safely work across devices, connect to multiple networks, and work within cloud apps.
• Forcepoint CASB provides complete visibility into shadow IT, identifying and categorizing cloud apps to assess risk and pinpointing which services to allow and monitor.
• Forcepoint Web Security protects against external threats with features like best-in-class URL filtering to easy-to-set polices for managing access to corporate assets, while also offering seamless integration with Forcepoint’s CASB and DLP products.

Crucially, the cybersecurity team can manage all of the elements of this unified security platform from a central location at the company’s London headquarters.

Secure in the present, prepared for the future

The company’s unified, platform approach to cybersecurity has fulfilled the CISO’s goals of “harmonizing” the company’s security stack to better protect against present-day threats and cutting down on false positives compared to the previous DLP solution, while also preparing for new challenges in the future.

The ability to more easily comply with data protection regulations and industry standards is one way that the company is now “future-proofed,” according to Forcepoint Account Manager Amit Kheti. For example, Forcepoint DLP’s comprehensive library of predefined data loss policies make it simple to implement policies to meet compliance requirements in any new markets the company might enter in the future. It’s also assured of being up to speed with the latest PCI DSS rules.

Customers expect their prepaid payment cards, digital wallets, and money transfer accounts to “just work.” With a little help from Forcepoint, the company is making that happen all around the world.