CISP Compliance Case Study

Cnetics helps Nova Information Systems meet Cardholder Information Security Program (CISP) Compliance Regulations


Objective: When you swipe your credit card at a local retailer or key in your credit card number for an online purchase, that information is instantly sent to a credit transaction processor to approve the transaction. Nova Information Systems is one of several large credit card processing companies that handle millions of these transactions every single day. In Nova’s massive database systems, details of each electronic transaction are stored and processed.

In order to protect their customers from security breaches and credit card fraud, VISA International mandated a security standard with which card processing vendors such as Nova Information Systems must comply. This security standard is called the Cardholder Information Security Program (CISP) and dictates the security requirements for electronic processing of credit card numbers. Nova faced the challenge of passing an extensive audit to ensure CISP compliance.

"Our database team conducted personal interviews with several consultants to determine their level of expertise in Oracle security features," explains Rakesh (Rocky) Gupta, Vice President of Systems Monitoring, Automation and Reporting. Nova chose Cnetics Technologies to guide them through the necessary modifications to harden their systems to meet the CISP security standards.

Solution: Cnetics consultants worked closely with Nova staff and contractors to successfully meet challenging deadlines. Initially, Cnetics staff engaged with Nova staff to create database system prototypes to explore security features and mechanisms. These prototype efforts proved invaluable in determining the best technical paths to take on massive production systems with tight performance expectations.

As security changes were architected, Cnetics and Nova team members worked together to implement configuration changes, code modifications and system changes. Cnetics encouraged Nova’s involvement in each change so that knowledge would be transferred. No matter what was needed to meet aggressive deadlines with significant changes, Cnetics was there--staying late, arriving early and taking on any and all parts of the tasks required to pass the CISP compliance audit. "We were very impressed by Cnetics' willingness to go above and beyond to get the job done," adds Gupta.

A major portion of the work performed by Cnetics was producing the lion's share of the documentation. Cnetics produced policy, procedure and usage documentation along with extensive technical documentation. Gupta was pleased with the quality of the documentation and "very impressed by the knowledge brought to the table" by Cnetics personnel.

Results: So how did the audit turn out? Rest assured that next time you swipe a credit card, if Nova Information Systems handles the transaction, your credit card data will be safe.