Date Added: Jul 2009
The Follett Higher Education Group (FHEG) sells more than 20 million textbooks annually in stores and online, and it operates more than 700 campus book stores for colleges and universities. Since it began operating stores and taking credit cards, FHEG has taken protecting its customers' privacy seriously. To protect customer data the company has a longstanding practice of encrypting customer payment data. Encrypting data and subsequently decrypting data required following and documenting a time-consuming manual encryption key management and storage procedure, as required by PCI DSS 3.6.3. FHEG decided to transition to using Hardware Security Modules (HSMs) from Thales's nCipher product line instead of manually tracking encryption keys.