ROYAL GATE INC. is an up-and-coming financial technology company established in 2007. It engages in IT solutions development and consulting, and is an Application Service Provider (ASP). In 2011 the company launched its mobile payment service ‘PAYGATE’ as the core service of its ASP business.
PAYGATE combines ROYAL GATE’s exclusive payment device and an application that enables credit card payment using smartphones and tablets. Its latest device ‘PAYGATE AIR’ is compatible with electronic money payment via NFC (Non Field Communication), as well as magnetic cards and IC card payments. Its highly reliable and scalable service platform ‘PAYGATE POP’ is compatible with a wide variety of systems. “These are the reasons why there are many large-scale use cases of PAYGATE in Japan, which covers entire chains of restaurants and retail stores, or entire fleets of taxis,” explains ROYAL GATE CEO Keiji Umemura.
Another feature of PAYGATE is its excellent security.
“As an example, PAYGATE employs the DUKPT (Delivered Unique Key Per Transaction) key management method regulated in the ANSI standard, providing a mechanism that can reliably send encrypted credit card information from device to gateways,” says Umemura.
The PAYGATE service works in a hybrid environment that combines an on-premise data center and the cloud using Microsoft Azure. In addition to the strong platform security of the Azure data center provided by Microsoft, the communications between on-premise datacenter and Azure are secured by a VPN. But they needed another solution to help ensure compliance with PCI DSS (Payment Card Industry Data Security Standard). For that, ROYAL GATE selected Trend Micro™ Deep Security™.
Business Promotion Office Leader PCIDSS Promotion Office,
Royal Gate Inc.
Upon the establishment of Azure Tokyo region, ROYAL GATE migrated PAYGATE from overseas Azure to the Tokyo region. At the same time, ROYAL GATE initiated its PCI DSS compliance initiative for the new environment using Deep Security.
One key factor in ROYAL GATE’s choice of Deep Security was its variety of features, which make Deep Security a true ‘all-in-one’ solution, says Kazushige Hashimoto of the PCI DSS, Promotion Office.
“Deep Security provides features that go beyond anti-malware to broadly cover the technical requirements of PCI DSS—including WAF/IDS/IPS, log management, and integrity monitoring. With no other all-in-one like it available, we didn’t hesitate to choose it.”
The migration to the Tokyo region was completed in September of 2014, and PAYGATE service began on that new environment. Deep Security was deployed to all servers in the cloud environment with all of its features enabled. Deep Security, and particularly its integrity monitoring feature, supports PCI DSS compliance and helps achieve defense-in-depth across all servers.
Along with the features of Deep Security itself, Trend Micro’s support service also contributes to the strengthened security of PAYGATE. “Trend Micro’s support quality is high, and every time we ask questions, Trend Micro gives us useful feedback. Security is a complicated topic, and it’s very important for us that we have an access to the security experts when we think about our security operations,” says Hashimoto.
In March 2015, PAYGATE achieved compliance with the latest PCI DSS, v3.0. “That work took essentially three months. Considering that, before the adoption of Deep Security, it took about a year to achieve PCI DSS v2.0 compliance, the effect of Deep Security was huge for us, and it earned our high rating,” says Hashimoto.
“With Deep Security, we can centralize various procedures into its single administration console. This greatly helps us to reduce the workload required for PCI DSS compliance.”
Adds Umemura, “With Deep Security and DUKPT, the end-to-end security of PAYGATE, from device to server, has become stronger. As a result, we can say that we’ve further heightened the competitiveness of PAYGATE.”
ROYAL GATE is about to embark on an “open payment platform concept,” a scheme that will combine customer behavior analysis and marketing services with existing services from ROYAL GATE. The CLO (Card Linked Offer) services that make recommendations based on card usage history have become common in the U.S. and Europe. Umemura expects that TLO (Transaction Linked Offer) era—in which customer behavior other than credit card usage will be leveraged— will come around 2018. These concepts are for an initiative that anticipates the arrival of that era, and the support of Trend Micro is essential in its promotion.
“The roll-out of TLO, which makes use of big data, requires extremely strict security. In that sense, too, we anticipate a growing number of situations in which we will rely on Trend Micro. We greatly rely on Trend Micro for many kinds of support as a partner in creating completely new markets.”