“[With VGS] we know that even in a complete breach scenario, hackers would not get access to that card information because we simply don’t have it.”
- Sean Hederman, CIO
From the very first look, Sean was impressed with the VGS solution technically. “It’s a very elegant solution. With just a quick configuration on our side, payment card information essentially hops over our entire company.”
No More CDE and An Easy Hop to PCI Level 1
Now that payment information no longer touches Zilch’s networks, the card data environment they painstakingly set up and maintained became obsolete. The team got rid of their CDE but kept most of the security controls they’d put in place to continue their industry-leading security program. Sean says, “We’ve now gotten rid of our cardholder data environment since card numbers no longer touch our network. More importantly, we now know that even in a complete breach scenario, hackers would not get access to that card information because we simply don’t have it.”
This change to Zilch’s architecture helped “immensely because essentially most of our systems were now out of scope,” shares Sean. And since they had already applied PCI controls to most of their network, with VGS’s expertise added, upgrading to level 1 wasn’t a huge lift. “PCI level one is a much more rigorous standard – but it wasn’t a gigantic exercise. We did the whole PCI compliance, including changing policies and the audit, in about two months.” VGS also introduced the team to an auditor, something Sean says was beneficial.
Proactive Compliance for Global Expansion
During the audit process, the Zilch team used the VGS Control dashboard. As they expand across the globe, they’re finding the dashboard extremely helpful in getting compliance information proactively prepared for each new country.
“We found [the Control dashboard] really, really useful. It’s very well organized, and the information required for the auditors is universal. Now that we’re expanding into so many new countries, we’re using the Control panel as inspiration. We take the pack of information as a preliminary POC and provide it to third parties and banks when we begin engaging with them.”
New Countries, New Use Cases
And as Zilch expands to new countries, the team discovers new use cases that VGS solves for them too. For example, in the United States, Zilch needs to collect Social Security numbers to pass to back-end systems for things like credit checks. Luckily, VGS Vault takes care of this super sensitive PII just as well as it does payment card information.