ROYAL GATE INC. is an up-and-coming financial technology company established in 2007. It engages in IT solutions development and consulting, and is an Application Service Provider (ASP). In 2011 the company launched its mobile payment service ‘PAYGATE’ as the core service of its ASP business.
PAYGATE combines ROYAL GATE’s exclusive payment device and an application that enables credit card payment using smartphones and tablets. Its latest device ‘PAYGATE AIR’ is compatible with electronic money payment via NFC (Non Field Communication), as well as magnetic cards and IC card payments. Its highly reliable and scalable service platform ‘PAYGATE POP’ is compatible with a wide variety of systems. “These are the reasons why there are many large-scale use cases of PAYGATE in Japan, which covers entire chains of restaurants and retail stores, or entire fleets of taxis,” explains ROYAL GATE CEO Keiji Umemura.
Another feature of PAYGATE is its excellent security.
“As an example, PAYGATE employs the DUKPT (Delivered Unique Key Per Transaction) key management method regulated in the ANSI standard, providing a mechanism that can reliably send encrypted credit card information from device to gateways,” says Umemura.
The PAYGATE service works in a hybrid environment that combines an on-premise data center and the cloud using Microsoft Azure. In addition to the strong platform security of the Azure data center provided by Microsoft, the communications between on-premise datacenter and Azure are secured by a VPN. But they needed another solution to help ensure compliance with PCI DSS (Payment Card Industry Data Security Standard). For that, ROYAL GATE selected Trend Micro™ Deep Security™.
Business Promotion Office Leader PCIDSS Promotion Office,
Royal Gate Inc.
Upon the establishment of Azure Tokyo region, ROYAL GATE migrated PAYGATE from overseas Azure to the Tokyo region. At the same time, ROYAL GATE initiated its PCI DSS compliance initiative for the new environment using Deep Security.
One key factor in ROYAL GATE’s choice of Deep Security was its variety of features, which make Deep Security a true ‘all-in-one’ solution, says Kazushige Hashimoto of the PCI DSS, Promotion Office.
“Deep Security provides features that go beyond anti-malware to broadly cover the technical requirements of PCI DSS—including WAF/IDS/IPS, log management, and integrity monitoring. With no other all-in-one like it available, we didn’t hesitate to choose it.”
The migration to the Tokyo region was completed in September of 2014, and PAYGATE service began on that new environment. Deep Security was deployed to all servers in the cloud environment with all of its features enabled. Deep Security, and particularly its integrity monitoring feature, supports PCI DSS compliance and helps achieve defense-in-depth across all servers.
Along with the features of Deep Security itself, Trend Micro’s support service also contributes to the strengthened security of PAYGATE. “Trend Micro’s support quality is high, and every time we ask questions, Trend Micro gives us useful feedback. Security is a complicated topic, and it’s very important for us that we have an access to the security experts when we think about our security operations,” says Hashimoto.