One of America’s largest cruise lines needed help. After conducting an internal review of the new version of PCI DSS, 4.0, the company realized it needed to up-level its internal capabilities for identifying credit card data in places where it shouldn’t be. With a scheduled yearly PCI compliance review by independent reviewers only months away, and a leadership desire to more clearly meet the increased expectations, the cruise line asked KPMG to help rapidly deploy a technological solution and support greatly expanded scans for credit card data. In addition, out of an abundance of caution, the organization asked KPMG to assist it in enhancing its ability to detect and block credit card data that may have inadvertently been sent via email. These steps would help to ensure compliance with revised PCI expectations and improve overall security.
Choppy seas
Before
Next
After
Today, thanks to the implementation of the Microsoft Purview solution, the cruise line’s credit card discovery processes are greatly enhanced. The system has been configured to help enforce PCI DSS standards, and it has been augmented with custom scripting to drive efficiency throughout.
�
Emails containing credit card information are automatically blocked and returned to sender. A significant amount of company files have been scanned to find and remove any credit card data they previously contained, reinforcing the company’s “no stored credit card” policy. Data scanning solutions have been deployed to dozens of ships, so that the PCI scanning can occur even in the far reaches of the ocean, even away from high-speed internet connections.
Smooth sailing
With the solution now implemented across dozens of ships, the cruise line will expand the program throughout the fleet, consistent with PCI compliance expectations.
A bright tomorrow
Next
After
Before
