A global retail chain specializing in both in-store and online retail operations, offering a wide range of consumer products. The company processes millions of mobile transactions every day across its vast network of physical stores and e-commerce platform. As mobile payment usage continues to rise, the retailer aims to improve the efficiency of its mobile payment solutions while safeguarding sensitive customer data.
Mobile devices securely managed
PCI DSS compliance achieved
Capability Enabled
Uptime for mobile payment systems
The Challenge
As mobile payment transactions grew in volume, the retail chain faced several challenges in securing sensitive customer data and ensuring compliance with industry standards. The company needed a comprehensive solution to:
- Protect payment data during mobile transactions across in-store POS systems and e-commerce platforms.
- Ensure compliance with PCI DSS (Payment Card Industry Data Security Standard) to maintain trust and regulatory alignment.
- Detect and respond to emerging mobile threats that could compromise the security of payment devices and sensitive data.
The company was also dealing with the challenge of maintaining operational efficiency while scaling its mobile payment infrastructure, which required secure, streamlined management of mobile devices used by employees in stores and for online transactions.
What did
we do
To address these challenges, the retail chain partnered with VMware for Mobile Device Management (MDM), Digital Guardian for Mobile Data Loss Prevention (Mobile DLP), and Lookout for Mobile Threat Detection and Response (MTDR). These three solutions provided a robust, layered security approach for the retailer’s mobile payment operations.
Mobile Device Management (MDM) – VMware:
- Device Enrollment and Configuration: VMware’s Workspace ONE solution was used to enroll and configure all mobile devices in-store and for payment processing. The platform helped the retailer streamline device management, allowing for remote monitoring and control.
- Access Control & Compliance Enforcement: VMware ensured that only authorized devices could access payment systems, enforcing strict compliance with PCI DSS by setting up secure, tamper-proof configurations.
- Remote Device Wipe: In the event of lost or stolen devices, VMware enabled a remote wipe feature to protect sensitive data from being accessed.
Mobile Data Loss Prevention (DLP) – Digital Guardian:
- Data Leakage Prevention: Digital Guardian’s Mobile DLP solution helped prevent sensitive payment data, including credit card information, from being shared or accessed inappropriately. Unauthorized attempts to copy or send payment data through unsecured channels were automatically blocked.
- Encryption: The payment information processed via mobile devices was encrypted both at rest and in transit, ensuring that customer data remained secure at all times.
- Real-Time Monitoring: Continuous monitoring of mobile devices helped detect and prevent potential data breaches, providing alerts whenever sensitive data was at risk.
Mobile Threat Detection and Response (MTDR) – Lookout:
- Threat Detection: Lookout’s Mobile Threat Defense platform provided real-time visibility into mobile security threats, identifying malware, phishing attempts, and malicious apps targeting payment devices.
- Automated Remediation: Upon detecting threats, Lookout automatically initiated remediation actions to neutralize the threat, such as isolating the affected device from the network or blocking access to compromised systems.
- Compliance Assurance: Lookout helped ensure that all devices used for processing payments were continuously assessed for compliance with security standards, preventing any potential violations.
The Results
- 100% PCI DSS compliance achieved in mobile payment processing
- Reduced mobile data breach risk through real-time threat detection and prevention
- Over 10,000 mobile devices managed securely across retail stores and e-commerce platforms
- 99.9% uptime for mobile payment systems with continuous device monitoring and threat remediation
- Remote wipe capability enabled on all mobile devices, ensuring data protection in case of loss or theft
