Securing access to cardholder data for PCI Compliance

Securing access to cardholder data for PCI Compliance

  • Customer

    Regtransfers.co.uk

  • Industry

    Car Registration

  • Geography

    United Kingdom

UserLock is so easy to use that there’s no need for training on the software. You simply set the IT team up to have access, show them a quick demo and off they go.

James Peterson
Network/Phones System Engineer
Regtransfers.co.uk

  • Challenge: PCI compliance has become a business requirement for many companies. To secure access to sensitive cardholder data that resides on a shared network, a company is required to prevent concurrent logins to the network and monitor and identify all users’ access to its network.

  • Solution: UserLock offers a simple deployment and intuitive GUI to allow any company to better control what users can do once authenticated. UserLock permits, denies or limits access based on a range of criteria – which includes preventing concurrent logins via a single identity and limiting access to a certain workstation/location. UserLock also monitors all sessions in real time, providing access information for audit.

  • Result: The enhanced visibility and security of all network access for all users helps keep sensitive payment card data safe. The audit functionality also highlights the activity of each employee, allowing him to monitor how long a user has been inactive for and during what times. This allows for better allocation of workstation resource.

Regtransfers.co.uk is the UK's largest private car registrations dealer. The company employs over 100 people at its headquarters in Dunstable, Bedfordshire. In addition to a busy sales and customer service call center, the marketing, IT and accounts departments all reside under one roof and use the same network.

The Challenge Control & Manage all Call Center agents access to the shared network

In order to become PCI DSS compliant (the Payment Card Industry Data Security Standard) Regtransfers.co.uk is required to prevent concurrent logins at all 95 of its shared workstations and be able to monitor and identify user access to its network.

With nothing in place before implementing UserLock, the challenge was to find a solution that would prevent concurrent logins, and monitor computer access across the business, in real-time. Previously, Regtransfers.co.uk ran a couple of login scripts to display the time of the last session for each user and at which machine on a web page. Regtransfers.co.uk’s IT team turned to the community on Spiceworks to ask for advice on a solution and came across UserLock.

The Solution UserLock’s installation a breeze

James Peterson, Network System Engineer at Regtransfers.co.uk found the UserLock server installation simple and was quickly able to give the rest of the IT team access with little need for instruction or training on how to use the software.

James also found that using the software allows him to freeze and unfreeze accounts as well as authorize accounts to different machines, all from the easy-to-use GUI.

The most attractive selling point however, was preventing concurrent logins and being able to monitor which users are logged in and at what times.

The UserLock software works out of sight of users, with most Regtransfers.co.uk employees unaware of its existence. The only time they notice the application is when they try and login to more than one machine and they receive a pop up to notify them which will then send a notification email to James.

The Benefits The enhanced visibility and security of all network access helps keep sensitive payment card data safe.

Having installed the UserLock software, James found the audit function to be of great benefit, showing him how well the software works and where issues may have occurred, naming each desktop clearly.

The audit functionality also highlights the activity of each employee, allowing him to monitor how long a user has been inactive for and during what times. This allows for better allocation of workstation resource. Although this is not something he was actively looking for, it has now taken over as the prime function, over the monitoring of concurrent logins.

The final benefit is one of user security. UserLock highlights and flags any unusual user activity. James is then able to find out if this is an unidentified user, or simply an employee inputting the incorrect password by mistake.

30-DAY FREE TRIAL

Get your 30-day free trial now and secure your Windows network with UserLock

Download Free Trial Discover UserLock

More Case studies?

Read more reviews from our UserLock customers.

Discover