Case Study

ACI Worldwide Chooses Coalfire® to Certify ACI Validated P2PE Solution

September 5, 2017
Resources New Case Studies ACI Coalfire P2 PE 814x460

ACI Worldwide, a global leader in electronic payments, has been in business since 1975 and supports more than 1,500+ banks, intermediaries and merchants with anti-fraud solutions. But when it came time to validate their P2PE solutions against PCI P2PE standards, they chose Coalfire for their global reach, extensive market and industry presence, and proven ability to deliver solutions to other payment systems.

CHALLENGE

A global leader in electronic payments, ACI developed its point-to-point encryption (P2PE) solution as part of its UP Merchant Payments portfolio that enables merchants to securely accept and process a wide variety of payment transactions.

“We wanted to validate ACI’s secure P2PE solution against the PCI P2PE standard in response to customer demand and additional business opportunity,” says David Tvrdy, director of product development, AOD Deal Desk at ACI.

After an existing Payment Application Data Security Standard (PA-DSS) vendor recommended Coalfire’s P2PE validation services, ACI included Coalfire in its pursuit of a P2PE Qualified Security Assessor (QSA) (P2PE) company. “After comparing companies, Coalfire’s global reach, extensive market and industry presence, and proven ability to deliver the services to other payment system leaders immediately stood out,” Tvrdy states.

Following a competitive selection process, Coalfire was chosen as the QSA (P2PE) company for the validation of ACI’s P2PE solution.

APPROACH

In collaboration with ACI’s U.S., European, and South African teams, Coalfire leveraged its global presence and deep technical knowledge to assess gaps, deliver advisory services, and perform a P2PE validation assessment. Coalfire’s comprehensive capabilities were key to advising ACI through the entire process and providing more than just an assessment (validation) service.

Coalfire conducted a workshop to understand ACI’s technical situation and business goals, and then provided advisory services to help ACI implement technical and process changes necessary for P2PE validation. Finally, Coalfire conducted the P2PE assessment.

Achieving the PCI P2PE listing was a significant effort, but Coalfire helped ACI choose efficient and cost-effective ways to address control gaps. “We learned a lot from Coalfire’s P2PE QSAs. The guidance and knowledge that Coalfire provided allowed us to tighten up our processes and procedures,” says Tvrdy.

“The best part about working with Coalfire is the high level of collaboration. The Coalfire team was extremely knowledgeable and helped us identify gaps and remediate vulnerabilities in an effective, efficient way.”

DAVID TVRDY, DIRECTOR OF PRODUCT DEVELOPMENT, AOD DEAL DESK AT ACI WORLDWIDE 

RESULTS

Coalfire applied its knowledge and industry expertise to help overcome several challenges and meet ACI’s business goals in a timely manner. “Coalfire’s validation of our P2PE solution helped us acquire new business, increasing revenue and customer satisfaction,” Tvrdy explains. “Additionally, since the start of this relationship, Coalfire has helped the ACI team build a broader understanding of risk management and PCI P2PE compliance,” continues Tvrdy.

As a preferred trusted partner, Coalfire continues to help tailor a risk management and compliance plan to offer broader organizational security benefits. Through Coalfire’s commitment to a collaborative partnership, deep knowledge of PCI/P2PE requirements, and a team of highly skilled P2PE QSAs, Coalfire helped ACI overcome challenges along the P2PE journey, and as a result, ACI was able to make informed business decisions that directly aligned to corporate objectives.