Green Dot achieves PCI DSS compliance with assistance from Vormetric

Headquartered in Monrovia, CA, Green Dot is America’s leading provider of prepaid cards. Green Dot Corporation pioneered the retail prepaid debit card product and is the largest company providing such products and services.

With nearly 50,000 stores nationwide selling its products, Green Dot Corporation maintains a commanding market share of the retailer-sold debit card category. Additionally, Green Dot Corporation owns and operates the Green Dot Financial Network (GDFN). GDFN is the largest domestic cashacceptance network of its kind offering prepaid card reloading and other cash collection services to America’s leading banks and financial services companies.


Issuing and managing card accounts comes with a high level of responsibility to consumers as well as the need to comply with the Payment Card Industry Data Security Standards (PCI DSS). The PCI DSS requires that any company who stores, processes or transmits credit card data must protect that data in very specific ways. Not only is this mandate a requirement of the card brands (Visa, MasterCard, American Express and Discover), but it has a deadline and carries fines for non-compliance. Green Dot found themselves in dire need to comply with these standards in a very short timeframe.


Justin Ferris, Green Dot’s Information Security lead, and CIO Mark Goldin, were charged with solving their compliance issue and securing the data within their IT environment. His first step was to choose a trusted advisor and auditing company to help with the audit of their network (also a PCI requirement). For this, Justin and Mark selected 5PEG SECURITY, a Visa Qualified Data Security Company (QDSC), and one of a relatively small number of companies qualified to perform such assessments.

5PEG was able to quickly asses the Green Dot network and determine what steps needed to be taken to sufficiently secure their sensitive credit card data and comply with the PCI standards. Both companies then turned to Vormetric. Vormetric’s unique data protection solution, Vormetric Data Security Expert Solution, enables compliance with some of the most difficult requirements of the PCI DSS. Specifically, encryption, access control and audit logging. With a lower than average product cost, an easy implementation process and no change required to existing systems, choosing the Vormetric solution enabled Green Dot to be up and running and compliant within days, rather than weeks.

The value of implementing Data Security Expert extends beyond the data security it provides. Because PCI compliance must be proved year over year, for QDSCs like 5PEG and their customers, it means an easier audit process moving forward. CoreGuard tracks access – unauthorized and authorized – to all data it protects and logs that data in secure files only accessible by those who have been granted access, clearly showing that the credit card data has been and continues to be protected.

The silver lining in all this is that implementation of Data Security Expert for PCI requirements automatically satisfies requirements of many other government and state regulations, such as SOX and GLBA.

About 5PEG Security

5PEG SECURITY is dedicated to assisting our clients with fraud management, risk mitigation, and security assessments. Our offering of compliancy experience includes the payment industry PCI Program and a proven Sarbanes-Oxley Compliance Program. 5PEG SECURITY is a qualified assessor for the VISA/MasterCard PCI program and has been involved in that program since it’s inception in 2001. We have successfully certified PCI compliant Service Providers, Merchants, and Payment Applications. In addition, 5PEG Security also leverages its Security Consulting Services and experienced staff to assist in the remediation phases of all compliancy projects.