Alliant Credit Union Enhances PCI DSS Compliance with GoAnywhere MFT Agents

Industry: Banking & Finance

As a member-owned credit union headquartered in Illinois, Alliant Credit Union processes and tracks over 500 file transfers a week. These file transfers must consistently meet the needs of their members and remain 100% PCI DSS compliant.

For years, Alliant Credit Union relied on a combination of solutions and manual file transfers to execute their daily business requirements. But when those requirements outgrew their current arsenal of tools, they saw the benefit in moving to a single solution that could automate their processes, enhance their PCI DSS compliance, and save their organization time and resources.

→ How to Comply with PCI Data Security Standards ←

Based on the suggestion of a previous employee, Alliant Credit Union implemented Fortra's GoAnywhere MFT for its robust capabilities and advanced set of features. Not only has GoAnywhere saved Alliant Credit Union hours of manual work since implementation, it’s solved many in-house problems and improved their data security overall.

Growing Business Needs Sparked Search for a New Solution

Before GoAnywhere entered the picture, Alliant Credit Union used a mix of WS_FTP and MOVEit from Ipswitch and homemade manual scripts to process their file transfer needs. As their business requirements evolved and the desire for scalability arose, however, it became clear that an upgrade to their file transfer process was necessary to help cut down on the amount of time spent on in-house programming and admin work.

Computer Operations Supervisor Jay Wehner knew it was time to move to a new product when Alliant Credit Union started development on a new data warehouse. "With our current setup, we saw we needed a more robust system," Wehner explained. "We wanted better automation of the files and a process to import them."

→ Need to migrate your current file transfer processes to a new MFT solution? We can help. ←

Faced with increasing demands for PCI compliance, file transfer automation, and encryption, the team at Alliant Credit Union looked at GoAnywhere as a possible replacement for their current setup. It had the features they wanted—database integration, clustered active-active failover, and secure email transfer—and the release of GoAnywhere MFT Agents only further expanded what they could accomplish.

GoAnywhere’s Advanced Features Exceeded Expectations

Once the decision was made, moving from their combination of file transfer solutions and manual scripts to GoAnywhere was painless. "No other product was evaluated. GoAnywhere is a true ‘one product does it all.’ It’s not just file movement and SFTP," Wehner said.

The learning curve for GoAnywhere was also straightforward. "The basic use of file transfer was very easy to learn and use," he added. "As time goes by, you learn how to utilize more and more features of the product."

After Wehner’s team implemented GoAnywhere across the organization, they used it to create secure encrypted connections between their servers. This enabled them to promote the safety of their data and lock down common ports and protocols—which, for a company dealing with personal banking information, was absolutely critical. They also took advantage of GoAnywhere Secure Mail, an ad-hoc email module that can integrate with Microsoft Outlook.

Encryption and automation were part of Alliant Credit Union’s expectations for GoAnywhere. But as they continued to explore the product beyond its basic capabilities, they found exciting features they’ve since integrated into their day-to-day tasks.

One such surprise was GoDrive, an Enterprise File Sync & Sharing (EFSS) module for GoAnywhere. Prior to GoDrive, Alliant Credit Union used a cloud-based file sharing solution, but "the control and file size is not available with [the file sharing solution]," said Wehner, "so we started using GoDrive as a replacement. [Those] that are using it … are loving it."

Alliant Credit Union was also able to integrate GoAnywhere with their enterprise scheduler, a cross-platform, cross-application IT solution, to perform all their business procedures seamlessly.

Enhanced PCI DSS Compliance with GoAnywhere Agents

One main draw Alliant Credit Union had to GoAnywhere was the ability to enhance their PCI DSS compliance using GoAnywhere MFT Agents. These Agents support automated file transfers and workflows on systems throughout the enterprise, and they’re managed by a central deployment of GoAnywhere, which can be used to configure and schedule agent file transfers from a browser-based interface.

→ Learn how to comply with PCI DSS with Managed File Transfer ←

How did Wehner and his team use MFT Agents? "We needed a way to securely store and transmit PCI data. By utilizing GoAnywhere Agents, we were able to use a secure channel to transmit this data. We now no longer use standard protocols like SMB ... for file transfers, which protects our data from unwanted network scanning."

Other initiatives run by Wehner, like a workflow that archives and purges files across multiple projects after a set amount of days, help keep Alliant Credit Union organized and compliant with PCI DSS retention policies.

Saving Time and Money with GoAnywhere’s File Transfer Capabilities

As an institution that deals with loan requests, automatic payments, and more, Alliant Credit Union processes a large amount of transfers a week. GoAnywhere cuts the transfer process down to around 15 minutes. Further work from Wehner has shortened the approval process and testing phases Alliant goes through for new file transfers. "I create master templates for projects to streamline this process," Wehner explained, "and this has reduced the time needed for testing."

→ See how much you could save on file transfers with MFT. Try our ROI calculator. ←

GoAnywhere also contributes to the company’s bottom line. "I can’t even begin to say how much time and money GoAnywhere has saved us each month. Automating your transfers, databases, and CSV files is an enormous cost saver."

When asked if he’d suggest GoAnywhere MFT to others, Wehner didn’t hesitate. "Buy it! The abilities are endless for file manipulation, transfer[s], database[s], encryption, and more!"

PCI DSS 4.0 is Around the Corner: Here's What's to Expect

PCI version 4.0 will be mandatory as of March 2024. However, the time to plan and implement any changes to ensure you meet the new standards is now to avoid substantial fines for non-compliance. If your organization processes or stores any cardholder data, this update applies to you.

Version 4.0 requirements were updated by the PCI Security Standards Council in March of 2022 as an update to version 3.2.1 (last refreshed in 2018). With more cards being used on a contactless basis and more payments made in the cloud, this update was due.

Notable Changes in PCI 4.0

The 12 key controls of PCI DSS defined by the PCI Council are not changing but there are a few key differences to address security goals and how to meet them.

The PCI Council’s main goals with the update to 4.0 are to:

  • Ensure the payment industry needs are meet by PCI standards to evolve as the threats to personal data change and grow. The new requirements expands multi-factor authentication, updates password requirements and addresess e-commerce and phishing.
  • Promote security as a continuous process: The PCI Council is requiring clearly assigned roles and responsibilities for each requirement to help this process along.
  • Deliver enhanced validation procedures and methods: This requirement supports transparency and granularity.
  • Bring firewall terminology up to date: This requirement now references network security controls in addition to firewalls for security.
  • Broaden Requirement 8: This requirement now includes multi-factor authentication for access into the cardholder data environment.
  • Create more flexibility in how different security objectives can be met with different, demonstrated methods: This allows for more options to achieve a requirement’s objective and supports payment technology innovation.
  • Targeted risk analysis: This directs organizations to establish how frequently they perform certain activities via a customized approach to implementing and validating PCI DSS requirements to achieve their security objectives.

See our guide for more details. 

You can learn more about Alliant Credit Union by visiting their website.

We Solved Their Problem, Now Let's Solve Yours.

We're committed to giving you a better way to automate, secure, and streamline your business processes. Schedule a demo with one of our product specialists today to see if GoAnywhere MFT is the right fit for your organization.

Schedule My Demo