Accelerating Onboarding and Enhancing Security for a Leading Card Issuer
Discover how Raidiam Connect transformed API security, reduced costs, and streamlined client onboarding for a leading card issuer.
Case Study Summary
One of Raidiam's clients, a Level 1 PCI DSS-certified organisation, faced a series of challenges related to API security, client onboarding and regulatory compliance. By implementing Raidiam Connect, they were able to:
- Meet regulatory obligations around client credential cycling (cf. PCI DSS clause 8.3.2)
- Enable clients to self-service, both at the point of onboarding and on an ongoing basis, resulting in a 100% saving in associated operational costs
- Improve their security posture whilst making their API resources public.
The combination of these factors meant that the organisation had enhanced its security posture, improved the onboarding experience for its clients, and reduced operational overheads and time to value, addressing key commercial indicators.
The Challenge: Overcoming Security and Onboarding Roadblocks in a Highly Regulated Industry
The organisation in question operates in the card payment space, where PCI DSS applies and certification by a QSA is a requirement. Version 4 of this standard, fully in force from March 2025, added a requirement for the cycling of client credentials (i.e. those used for authentication by a service or server, as opposed to a user) at least annually, or at a frequency determined by the organisation's risk assessment.
The organisation has a wide range of API resources accessed by clients, but had not previously routinely cycled authentication credentials, and had no automated facility for doing so. It was faced with the prospect of manually rotating several hundred credential pairs.
In addition, access to the organisation's resources had depended on the client organisation having at least 2 site-to-site tunnels in place. This added operational overhead and introduced brittleness to the system architecture.
Finally, whilst the organisation had a large number of clients, all onboarding activity was manual, so the time to become (technically) ready to consume resources was often long, lasting weeks, and required troubleshooting to diagnose problems arising from the complex integration approach.
The Solution
The organisation implemented Raidiam Connect, alongside an updated Authorisation Server. This had the following impacts:
- Clients - both new and existing - were given access to a self-service web UI from which they could manage their applications and client credentials. Some integrated this directly with their KMS, enabling automatic credential cycling.
- API resources were made public and protected with mutual Transport Layer Security (mTLS). This removed the error-prone tunnel approach, hardened perimeter security, and sped up time to go live for new clients.
- By moving to certificate-based, asymmetric security, the organisation was able to move away from shared credentials, asymmetrically encrypt cardholder data, and enforce non-repudiation for notification messages.
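The following Go program is an added illustration of the two mechanisms the list above describes, and is not Raidiam's or the client's code: a public API endpoint that only answers callers whose certificate chains to a trusted CA (so identity comes from the certificate rather than a shared secret), and a check of how long a credential has been in service against a cycling policy. Everything in it is constructed: the private CA, the hostname api.example.test, the client name client-acme, the one-year rotation period used to stand in for the annual cycling obligation, and an in-memory pipe that takes the place of the public network. How Raidiam Connect itself implements these is not described on the page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueCert returns an Ed25519 certificate for name (also its DNS SAN), signed by
// parent/parentKey, or self-signed when parent is nil (the constructed private CA).
func issueCert(name string, isCA bool, lifetime time.Duration, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // demo helper: crypto/rand assumed healthy
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(lifetime), // skew tolerance
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	signer, signerKey := tmpl, key // self-signed unless a parent CA is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // cannot fail on DER we just produced
	return cert, key
}

// exchange runs one request/response over an in-memory pipe (no sockets). The server
// answers only after the client certificate chains to the trusted CA, and takes the
// caller's identity from that certificate, not from a shared secret.
func exchange(serverCfg, clientCfg *tls.Config, request string) (string, error) {
	cEnd, sEnd := net.Pipe()
	cEnd.SetDeadline(time.Now().Add(5 * time.Second)) // safety net: fail instead of hang
	sEnd.SetDeadline(time.Now().Add(5 * time.Second))
	srv, cli := tls.Server(sEnd, serverCfg), tls.Client(cEnd, clientCfg)
	go func() {
		defer sEnd.Close()
		buf := make([]byte, 256)
		n, err := srv.Read(buf) // Read performs the handshake; a rejected client fails here
		if err != nil {
			return // the TLS alert has already been sent; the client sees it as a Read error
		}
		caller := srv.ConnectionState().PeerCertificates[0].Subject.CommonName
		srv.Write([]byte("hello " + caller + ", you asked for " + string(buf[:n])))
	}()
	defer cEnd.Close()
	go cli.Write([]byte(request)) // performs the handshake, then sends the request
	buf := make([]byte, 256)
	n, err := cli.Read(buf)
	if err != nil {
		return "", err
	}
	return string(buf[:n]), nil
}

// rotationDue reports whether a credential has been in service longer than the
// policy period (one year here, matching the annual cycling obligation).
func rotationDue(cert *x509.Certificate, maxAge time.Duration, now time.Time) bool {
	return now.Sub(cert.NotBefore) > maxAge
}

func runDemo() (reply string, anonymousRejected bool, err error) {
	const year = 365 * 24 * time.Hour
	ca, caKey := issueCert("demo-private-ca", true, 10*year, nil, nil)
	srvCert, srvKey := issueCert("api.example.test", false, 90*24*time.Hour, ca, caKey)
	cliCert, cliKey := issueCert("client-acme", false, year, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	serverCfg := &tls.Config{
		MinVersion: tls.VersionTLS13, ClientCAs: pool, SessionTicketsDisabled: true,
		ClientAuth:   tls.RequireAndVerifyClientCert, // the public endpoint refuses anonymous callers
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}},
	}
	anonCfg := &tls.Config{MinVersion: tls.VersionTLS13, RootCAs: pool, ServerName: "api.example.test"}
	authCfg := anonCfg.Clone()
	authCfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}}
	if reply, err = exchange(serverCfg, authCfg, "GET /cards/v1/accounts"); err != nil {
		return "", false, err
	}
	_, anonErr := exchange(serverCfg, anonCfg, "GET /cards/v1/accounts")
	return reply, anonErr != nil, nil
}

func main() { fmt.Println(runDemo()) }
```

Running it prints the reply the certificated client receives, `true` for the anonymous caller having been refused, and a nil error. The point of `rotationDue` is that with certificate credentials the issue date is carried in the credential itself, so an inventory can be checked against the cycling policy without a separate record of when each shared secret was last changed.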
The combination of these factors meant that client organisations were able to go live quicker, with a 100% saving in associated operational costs, and with a manifest improvement to the organisation's security posture. This was confirmed in a series of cyber security audits and the company's PCI DSS assessment. The QSA service in question has used the innovative approach as a showcase of how to achieve compliance combined with other value adds.
Ready to Transform?
Are you facing similar challenges in API security, client onboarding, or regulatory compliance? Don't let outdated systems hold you back. Take the first step towards transforming your organisation's security and operational efficiency:
- Assess Your Current State: Evaluate your existing API security and client onboarding processes. Are they meeting PCI DSS 4.0 requirements?
- Explore Raidiam Connect: Discover how our solution can address your specific challenges. Visit our website to learn more about Raidiam Connect's features and benefits.
- Request a Demo: See Raidiam Connect in action. Our team can demonstrate how it can be tailored to your organisation's needs.
- Consult with Our Experts: Schedule a consultation to discuss your unique requirements and how Raidiam Connect can help you achieve compliance while improving operational efficiency.
- Start Your Transformation: Begin your journey to enhanced security, streamlined onboarding, and regulatory compliance. Contact us today to get started.
Don't wait until the PCI DSS 4.0 deadline looms. Act now to stay ahead of regulatory requirements, improve your security posture, and provide a better experience for your clients. Let Raidiam Connect be the catalyst for your organisation's digital transformation and security enhancement.
Request a Demo
Request a demo with our team of experts to discover how our solution can streamline onboarding, enhance security, and reduce operational costs.