The problem
Nearly one hundred thousand businesses rely on this payment transaction company to manage their payment activity, and make purchasing simple and secure for their customers. The company’s infrastructure holds vast amounts of highly sensitive financial data about every transaction they process: credit card numbers, security codes, even merchant bank account numbers. Protecting all of that important information is their top priority, and their obligation under the law.
To maintain their vital government accreditation, the company was required to conduct an annual security audit of their systems. During one of these testing periods, the team noticed an unprecedented spike in declined transactions. A group of hackers, working for a Brazilian organized crime syndicate, was in their system, actively helping themselves to credit card data. With the deadline for completion of their important security audit fast approaching, the internal team was pressed for time. And, they didn’t have the expertise to stop the attacks on their own. Fortunately, the RedShield team was ready to jump into action.
The solution
RedShield reviewed the application logs, and learned exactly what weapons the attackers were using.
Then, they built, tested, and deployed custom web application shields to protect the payment interface from the specific
attacks. Because they understood the attacks in such detail, they were able to include an adaptive algorithm that kept the bad guys out, without blocking legitimate users. Finally, RedShield developed custom reporting dashboards that enabled the payment company team to identify impacted merchants, and highlight potentially fraudulent transactions.
The results
In less than three days, the RedShield solution was in full operation, and was 100% automated, requiring no maintenance or efforts by the payment company’s team. RedShield continued to monitor the system, and thwart any attempted attacks. Within a week, all attempts stopped. The payment processor passed the security audit, and met its accreditation deadline. Proof once again that RedShield can take on anything. Even organised crime.
Today, RedShield continues to stand guard:
- Monitoring the university’s tools and systems 24/7
- Auditing the application defences weekly
- Responding to any customer queries or application updates
- Delivering monthly analyst reports
“RedShield’s ability to understand our applications, our architecture, and mitigate the ever-changing attack meant we could meet our business objectives without sacrificing the security of users’ card details.”
—Payment Transaction Company Executive
