- Top Industries
- Resource Center
As an international retailer of sporting goods and outdoor gear, Orvis collects sensitive personal and payment data from multiple channels to complete transactions. This can create a complex data environment that's subject to significant risk and compliance scope, and protecting it can be difficult to manage without restricting the value and utility of sensitive data.
“We knew we had to securely encrypt the transactions flowing through the ecommerce, email and phone contact center, retail store, and field point-of-sale channels to keep incoming payment and personal data safe,” Orvis Chief Information Security Officer Tyson Martin said. “But we also wanted to remove all the sensitive data from our internal IT systems so that in case of a breach, there would not be any customer data to expose.”
By integrating with TokenEx's Data Protection Platform to accept and cleanse data before it entered its systems, Orvis was able to safely store and transmit it without increasing risk or scope.
Orvis leveraged the TokenEx platform to remove sensitive cardholder data from its environment, resulting in a 90 percent reduction of PCI scope.
We never touch any payment data in our contact centers, retail stores, websites, or in the field. And that’s a big relief.
Additionally, by routing this data through an independent third-party platform, Orvis can maintain complete control of its data and integrate easily with revenue-management services such as fraud prevention, account updater, and more.
“Really, the TokenEx platform is designed to plug in and do everything you need it to,” Martin said.
As a result, Orvis reduced PCI scope by 90 percent, unified its customer data across multiple channels, and protected PII in addition to PCI. Plus, removing sensitive data from its environment enabled Orvis to better allocate its resources and focus on revenue-impacting areas.
“Our expertise is retail and customer service," Martin said. "We don’t pretend to be able to build a totally secure system on our own. That's where TokenEx comes in."