MineralTree provides cloud-based accounts payable and payment automation solutions for mid-market finance professionals and includes guaranteed fraud protection. As such, they are required to be PCI compliant to assure current and future customers that their data is secure. Using Threat Stack, MineralTree achieved their compliance goals, and at the same time, significantly improved security visibility in their infrastructure.

The Challenge

In order to assure customers that their data was secure and protected, Kevin Eberman, Director of Operations, needed to organize and monitor his environment to pass a PCI audit. To satisfy the audit, he and his team set up multiple new technologies including NTP for clock synchronization, host and network intrusion detection, log management and archiving, file integrity management, and encryption key management.

A Bit About PCI Compliance

PCI DSS (the Payment Card Industry Data Security Standard) was created by a cooperative of credit card providers in 2004, including Visa, MasterCard, American Express, Discover, and JCB. The purpose was to introduce a standard for handling cardholder data and to reduce credit card fraud. To pass a PCI audit, organizations must show a Qualified Security Assessor (QSA) that they have documented controls that they can use to handle cardholder data securely. Any systems inside the network that process or otherwise contain cardholder data are considered to be inside the PCI gap, and require that these controls be applied. It is standard practice to segregate these systems and networks from everything else as a way to improve security, and it's also imperative that these involved systems have tools to protect the security of the cardholder data.

MineralTree Achieves PCI Compliance with Threat Stack

FOUNDED: 2010
HEADQUARTERS: Cambridge, MA
INDUSTRY: FinTech
EMPLOYEES: 50+

CASE STUDY

