A trusted partner to close to 60 of the world’s largest loyalty programs, Points provides best-in-class loyalty solutions that help their partners to increase member engagement and generate revenue growth for their programs.
When loyalty is your business - their Loyalty Commerce Platform supports over 1 billion loyalty member accounts and processes over 92 billion transactions annually across six continents and in over 50 different currencies, it’s imperative to do everything possible to protect customer information, said Alan Owens, Vice-President of Information Security and Privacy at Points. “How would you expect anyone to be loyal to you if you’re not treating their personal information and their financial credit card information with all due care and attention,” he asked. That’s why DataStealth is a critical component of Points’ robust security program.
It’s really a blanket around our infrastructure that limits our risk of exposing the data because we don’t have it.”
Ensuring data security for any company in the global age is a significant undertaking. However, for Owens, the introduction of DataStealth has ensured that Points is even better equipped to deal with the rapid growth in worldwide threats. Why? One primary reason is that Points has a security blanket. For the past five years, it’s been using DataStealth, a unique approach to protecting its data.
Alan Owens, Points DataStealth intercepts sensitive data like credit card information before it enters Points’ system and replaces it with a token. The credit card information is restored right before it reaches the bank for processing. “We never have to handle any credit card information,” said Owens. “If we don’t have the credit card data, we can’t expose the credit card data.
Owens first heard about DataStealth five years ago when Points replaced its legacy systems with a modern platform. The goal was to increase the functionality it could offer to partners, and protecting the whole platform from credit card exposure at the same time made sense. When he met with the team from DataStealth, Owens was immediately impressed with both the people and the technology. “DataStealth CEO Ed Leavens and his team were really good at explaining how it works,” said Owens. “The technology is unique and innovative and very, very effective in mitigating the risk to us of exposing credit card information.”How DataStealth Works
DataStealth uses tokenization to identify, remove and replace credit card information so that the actual data never enters Points’ system. The technology sits “out front on the Internet,” explained Owens. A user connecting to the Points’ website will go through the DataStealth infrastructure at the network layer. It recognizes the credit card numbers and provides a token that replaces the original value with something meaningless. “We still need to see the first and last four digits to recognize the card in our systems” noted Owens, “but by replacing the other digits, we don’t have any actual credit cards in our system at all. It’s a really neat approach.” The token can then be replaced when needed to restore the actual credit card information at the time a payment is processed.
While Points uses the technology to secure credit card information, it can just as easily apply to any sensitive data, said Leavens. DataStealth can intercept and replace any sensitive data, such as names, addresses, or any other personally identifiable information.
“The data is not there. You can’t steal what we don’t have.” — Alan Owens, Points
DataStealth can even replace real data with substitutions that look and act like the original but are not. For example, replacing a real email address (you@yoursite.ca) with a replacement email address (notyou@notyoursite.ca). This allows developers to test out new functionality without actually accessing any real personal information.
The solution is also ideal for organizations, such as those in the public sector, that cannot send any personally identifiable data outside of Canada. “With DataStealth, you can remove all of the personal information before it leaves Canada,” said Leavens. “Data residency regulations can easily be adhered to.”"I hadn’t seen anything like it before”
Owens acknowledges that there are other tokenization solutions on the market. But, he says, this is different. Indeed, DataStealth was designed to be different, said Leavens. “Data breaches are still happening every day,” Leavens said. “Everyone is doing the same thing over again and expecting a different result. We wanted to develop a solution that would actually solve the problem.” For Owens, the key differentiators of the DataStealth platform are its ease of use, effectiveness at protecting the data, and the outstanding customer service that comes with it.
It took only a matter of weeks to deploy DataStealth at Points. “We just set up some network routing rules, and it was really quite easy and seamless,” said Owens. This is what sets DataStealth apart. With other tokenization solutions, it can be necessary to integrate existing systems with an API or make changes to existing applications and databases. It’s also flexible enough to deploy on physical hardware, virtual machines, or cloud platforms. At Points, it was vital that the user experience on the website would not be impacted during implementation. “DataStealth was very responsive to ensure that our needs were met,” said Owens. “Customer service was very hands-on right up to the highest levels. That’s confidence-inspiring when the whole organization makes sure the solution rolls out smoothly and works well.”
Given the enormous volume of credit card transactions it handles, Points must comply with annual PCI-DSS audits to ensure it meets the Payment Card Industry (PCI) security standards. “This assures our partners that we’re minimizing the risk of exposure,” explained Owens. Normally, the audit covers the server that processes the credit card data and any computer that touches it. “The scope of the audit can balloon out quickly if you’re flowing credit card data through your system,” said Owens. However, DataStealth ensures that there is no credit card data on Points’ systems. Technically, that puts them out of scope of the audit, but Owens said that the company prefers to go the extra mile and review everything anyway. Even so, Owens estimates that the time spent on the audits has been reduced by half. “All of our audits are very clean,” he said.
The monitoring and alerting service that comes with DataStealth is excellent, said Owens. DataStealth notifies Points of any issues immediately, no matter how small. “I’m really impressed with that level of service and diligence,” said Owens. “The command and control that they have over their infrastructure speaks to the really high level of professionalism and technical acumen.”
Owens likes the fact that DataStealth is a global company, just like Points. “It makes us more agile and able to respond to the needs of partners,” he said. “They had the technical chops to do this and a really great, innovative solution. It was a good fit, and the people are fantastic to work with.” Points maintains a big focus on ensuring that its cybersecurity and privacy initiatives are meeting the needs of its partners. “At the end of the day, DataStealth is an important aspect of how we do that,” said Owens. “The biggest benefit over the past five years is peace of mind.”
Points is a trusted partner to the world’s leading loyalty programs, leveraging its unique Loyalty Commerce Platform to build, power, and grow a network of ways members can use their favourite loyalty currency. Its platform combines insights, technology, and resources to make the movement of loyalty currency simpler and more intelligent for nearly 60 reward programs worldwide. Founded in 2000, Points is headquartered in Toronto with teams operating around the globe.
DataStealth is revolutionizing how enterprises protect their most important asset: their data. With a suite of data security products supported by patented technology, we help you discover, classify, and protect the data that’s most important to your business. Our team of data security experts are renowned for staying ahead of the curve —we have spent years building first-to-market solutions providing enterprises in North America and globally the data protection modern technology demands.
Submit the form to access the full report.
