Imperva > Case Studies > PayFlex Enhances Web Application Security and Visibility with Imperva

PayFlex Enhances Web Application Security and Visibility with Imperva

Imperva Logo
Technology Category
  • Cybersecurity & Privacy - Application Security
  • Cybersecurity & Privacy - Network Security
Applicable Industries
  • Healthcare & Hospitals
  • National Security & Defense
Applicable Functions
  • Product Research & Development
  • Quality Assurance
Use Cases
  • Supply Chain Visibility
  • Tamper Detection
About The Customer
PayFlex Systems USA, Inc. is a third-party administrator that works directly with employers to administer their benefit spending accounts, COBRA and Transit programs. The company has been in business for the past 20 years and is based in Omaha, Nebraska. PayFlex provides consumers with a specialized debit card for medical transactions, including co-pays and drug purchases. This service necessitates the storage of debit card numbers and claim data, making security and regulatory compliance a major consideration for the company. PayFlex is committed to upholding the highest security standards to protect its customers and their employees.
The Challenge
PayFlex, a third-party administrator that works directly with employers to administer their benefit spending accounts, COBRA and Transit programs, faced a significant security challenge. The company provides consumers with a specialized debit card for medical transactions, which necessitates the storage of debit card numbers and claim data. This convenience, however, is balanced by potential security and regulatory considerations. PayFlex has a responsibility to uphold the highest security standards to protect its customers and their employees. Regulatory compliance is a major consideration for PayFlex, as it must contend with PCI and HIPAA standards. PCI mandates basic network security controls to protect cardholder data, and HIPAA standards require that enterprises prevent health information from being leaked. The liability for a breach is expensive, reaching up to $1.5 million since the implementation of the HITECH Act.
The Solution
To address these challenges, PayFlex deployed the Imperva SecureSphere Web Application Firewall. This solution provided much-needed visibility into PayFlex’s applications and complemented PayFlex’s Secure Development Lifecycle. SecureSphere delivers total visibility into data access and usage, and its easy-to-use interface provides granular policy creation and enforcement to prevent unauthorized access or changes to data. The solution fits with PayFlex's current infrastructure and development processes, and it was able to meet compliance and security requirements quickly. The Web Application Firewall (WAF) serves as a safety net in case bad code slips through the cracks, despite the company's efforts to teach developers proper coding techniques.
Operational Impact
  • The deployment of the Imperva SecureSphere Web Application Firewall has significantly bolstered PayFlex's web application security and visibility. The solution has not only met compliance and security requirements quickly but also fits seamlessly with the company's current infrastructure and development processes. The easy-to-use interface of SecureSphere has facilitated granular policy creation and enforcement, effectively circumventing unauthorized access or changes to data. This has provided an additional layer of protection against potential incidents, thereby reinforcing the company's commitment to uphold the highest security standards for its customers and their employees.
Quantitative Benefit
  • Fast time to deployment
  • Enhanced application visibility
  • Complements PayFlex’s Secure Development Lifecycle

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

Related Case Studies.

Contact us

Let's talk!
* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.