School Link Technologies, located in Santa Monica, California, processes lunch payments in secondary education meal programs for over 5,500 school districts nationwide.  In such systems, a child pays for lunch with funds linked to the student’s ID card.  Parents of children enrolled at participating schools use a credit card to fund lunch money credits to the student’s account at http://www.mylunchmoney.com/.  The credit card authorization, capture, and transaction settlement is supported by Payment Processing, Inc., out of Newark, California.

 

These processes encompass a database that contains hundreds of thousands of lunch accounts and corresponding credit cards.  That’s a lot of vulnerability for one processing service.  In addition, as a third-party agent in payment card system, it is Payment Processing’s contractual obligation to member banks to ensure business partners appropriately validate their compliance with industry requirements.  School Link went through a compliancy program, which included a fairly rigorous audit, but they did not have security controls in place to protect credit card data at rest.  Payment Processing defined a solution set that included encryption, specifically Encryptionizer® for SQL Server, Column-Level Encryption (Col-E®).

 

NetLib® Encryptionizer for SQL Server provides an additional layer of security separate from Windows® and SQL Server® security.  The purpose of database encryption is to make a database unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed.  Encryptionizer is fast and unobtrusive, requires no programming or administration, and can usually be deployed in a couple of hours or less.  Database encryption uses completely on-the-fly, transparent, dynamic encryption and decryption.  Data is never decrypted on disk, only in memory as requested by SQL Server.  In addition, data is automatically encrypted before being written back to disk.  With column-level encryption, which we implemented, columns containing private credit card information are encrypted, but less sensitive information is available to authorized users for day-to-day activities.

 

Because our system involved a legacy database and a custom data encryption system, we had some conversion challenges with Encryptionizer.  But NetLib’s customer support and technical staff stuck with us to correct the problem in time for the audit.  The user interface is straightforward, and it was a real plus to have master encryption keys and support of AES right out of the box.  As NetLib goes forward obtaining FIPS 140-2 validation, it will prove Encryptionizer to be a good investment.

About Payment Processing, Inc.

Payment Processing, Inc. (http://www.paypros.com/) is the industry leader for integrated payment solutions.  PPI provides software developers with a full range of services for integrating electronic payments including gateway services, integration support, merchant support and services, and PABP/PCI security assistance.  Additionally, PPI allows software developers to generate additional revenue while substantially reducing their support costs for integrated payments.  Founded in March 1995, PPI is today the most successful company in the world focused on integrated payment processing supporting nearly 700 active partners and 23,000 merchants with efficient, cost effective payment solutions.  In 2006, PPI processed in excess of $3 billion in Visa® and MasterCard® payments.  PPI's development services team provides superior technical services and support working directly with software developers to assess their needs, assist with integration, and provide the best deployment service available.  PPI professionals have deployed every major payment technology using a wide range of applications.