Cardholder Data Environment

ClientNational Exchange Carrier

Various operational and business support systems have been designated for remediation as a result of PCI compliance assessment. A unique, cost-efficient solution is implemented, where cardholder data footprint is reduced to a self-contained private cloud.

Case Study Overview

Initial State

Over 200 telecommunications applications have been identified as such that expose sensitive credit card information. The estimated effort and forecasted budget to close the gap and achieve regulatory compliance are enormous.


Target State

A non-traditional approach to PCI compliance delivery is proposed: the in-scope applications are not segmented or rewritten, but integrated with a Cardholder Data Environment (CDE) that includes facilities to tokenize payment credentials.

The small-footprint CDE solution is deployed on engineered systems that are fully isolated from the rest of the data center. The internally-managed private cloud includes dedicated network, compute and storage layers which support Java application clusters hosting SIP and HTTP interfaces for voice and data masking.

Telecom case study