17 February 2014
VINCI Park is said to be the world’s largest car park operator and manages nearly 1.5 million parking places in over 2,500 sites around the world including the UK, Europe and North America. It was founded in 2001 by VINCI which designs, builds, finances and manages the operation of on-street and off-street car parks for private and public entities.
Any organisation using, storing or transmitting credit card data must comply with the PCI-DSS standard. In 2011, VINCI Park researched a number of network security vendors that could meet the standard’s requirements and sent a request for proposal (RFP) to local integrators that represented those vendors.
“Even though we had never been attacked and our network was secured against banking data theft, we wanted to protect our customers further by complying with the PCI-DSS standard,” explains Guillaume Martin, deputy director of VINCI Park’s IT system department.
Axians, a networking and telecoms integrator and a subsidiary of VINCI Energies, won the RFP to integrate and support the deployment of security appliances for the firm. The Fortinet FortiGate platform was chosen for its ability to “easily and cost-effectively” meet PCI-DSS compliance requirements.
Fortinet says its system offers a number of key features including: a firewall for partitioning the infrastructure traffic flows; VPN for encrypting electronic money transactions; anti-virus and IPS for attack detection; QoS for prioritising payment transactions; and the ability to create compliance reports. The vendor adds that “tight” security integration enables the platform to meet the PCI-DSS requirements without adding “unnecessary complexity” while maintaining control on associated costs.
390 FortiGate-60C and 110 FortiGate-50B appliances have been installed at 500 car parks in France. Deployments have also been completed in the UK, Czech Republic, Slovakia, Spain, with further rollouts expected in other countries this year.
“Fortinet technology allowed us to secure and partition transactions from end-to-end, between the payment terminals located in our car parks – that allow our customers to pay for their parking by credit cards – and banks. Today, these transactions are strictly directed to banks and are saved and decrypted by those only,” says Martin.
All the appliances are remotely managed from VINCI Park’s headquarters in France using the FortiManager-1000C centralised management platform. The company is also using the FortiAnalyzer 2000B to log daily data from all the appliances and create PCI-DSS compliant statistics and reports.