Vantiv delivers ultra-secure, lightning-speed payment processing

Cutting latency and costs with Smarter Computing best practices from IBM

Published on 28-May-2013

"The IBM Crypto Express3 coprocessors are very fast—we get an average execution time of less than 50 microseconds, equating to 20,000 transactions per second. The encryption component used to be a negative drag on the transaction response time. That just isn’t the case anymore" - Tom Kesselring, Vice President for Mainframe and Non-stop Systems at Vantiv

Customer:
Vantiv

Industry:
Banking, Financial Markets

Deployment country:
United States

Solution:
Big Data, Big Data & Analytics, Big Data & Analytics: Improve IT, Smarter Computing, System z Software

Overview

Vantiv processes payments for merchants and financial institutions, handling gateway transactions, debit, credit, gift card, electronic benefit transfer (EBT) and authorizations for signature and personal identification number (PIN) based transactions.

Business need:
Vantiv wanted to preserve its reputation for industry-leading speed and availability in payment processing, while responding to customer demand for encryption to support new payment methods.

Solution:
Vantiv wanted to preserve its reputation for industry-leading speed and availability in payment processing, while responding to customer demand for encryption to support new payment methods.

Benefits:
Delivers higher processing speeds and helps to address scalability issues, equipping Vantiv for the future. Capitalizing on the built-in security of the zEnterprise platform protects payment data.

Case Study

Vantiv processes payments for merchants and financial institutions, handling gateway transactions, debit, credit, gift card, electronic benefit transfer (EBT) and authorizations for signature and personal identification number (PIN) based transactions. As the number one processor of PIN debit transactions in the United States, Vantiv has over 400,000 merchant locations, 1,300 financial institutions and drives more than 13,000 automated teller machines (ATMs). Employing 2,500 people worldwide, the company’s headquarters are located in Cincinnati, Ohio.

Staying ahead of the competition

One of Vantiv’s key selling points is the speed of transaction processing it offers. Tom Kesselring, Vice President for Mainframe and Non-stop Systems at Vantiv, comments: “Vantiv differentiates itself from the competition via a highly specialized processing engine that seamlessly integrates all of the elements of payment processing. This one-stop shop capability is why many of our customers leverage our services. Due to our commitment to this sector, we have been able to leverage the IBM systems to provide one of the fastest and most reliable transaction processing systems in the industry.”

To retain its award-winning status as one of the fastest and most reliable payments processors in the US, Vantiv needs to find ways to more efficiently handle growing demands for more complex encryption without compromising on speed or availability. Specifically, the introduction of Europay, MasterCard and Visa technology—based on credit cards with embedded microchips—to the US market would require the generation of more encryption keys.

Previously, Vantiv relied on external hardware security modules (HSM) to handle the encryption and decryption of transactions. As demand for encryption grew, Vantiv began experiencing scalability issues with this model.

Chris Doyle, Manager – Encryption Processes at Vantiv, explains: “Relying on external hardware security modules presented us with several challenges. Because they were limited to a certain number of connections, there was a cap on the processing power and throughput we could achieve. To meet security requirements, the devices need to be locked up in cages, calling for more people to install and manage them, increasing our costs. Eventually, we had 20 devices in place, and it simply didn’t make financial sense to continue installing new ones.”

Achieving faster processing

With the release of IBM Crypto Express3, a coprocessor designed specifically for encryption, Vantiv saw an opportunity to cut latency, enabling even faster processing of big data. With all cryptographic processing handled within the IBM zEnterprise® 196, Vantiv no longer incurs a performance hit from the network latency inherent in sending cryptographic processing to external appliances.

Kesselring says: “The IBM Crypto Express3 coprocessors are extremely fast—we are seeing an average execution time of less than 50 microseconds, equating to 20,000 transactions per second. The encryption component used to be a negative drag on the transaction response time. That just isn’t the case anymore.”

Maximizing security

The IBM Crypto Express3 is based on leading-edge, tamper-sensing and tamper-responding, programmable cryptographic technology, building on the inherent security of the IBM System z platform to help Vantiv generate encryption keys faster than ever before within a protected environment. Doyle comments: “IBM Crypto Express3 comes with management tools that offer control and transparency. We are able to view, log and verify all processes, creating an operating environment that stands up to the most rigorous of security and operating requirements.”

Kesselring adds: “The devices are also tamper-resistant—if anyone tried to access them in an unauthorized manner, the contents would automatically be erased, ensuring our customer’s data is always protected.”

Boosting efficiency

By offloading encryption processing to the IBM Crypto Express3 coprocessor, the company has freed up valuable capacity on its general purpose processors that can now be used for other workloads. Bryan Bailey, Vice President of Online Systems, explains: “Because the IBM Crypto Express3 no longer eats up our CPU resources, we can be more efficient with our processing.”

Handling encryption processing within its existing IBM System z environment helps Vantiv drive down the cost-per-transaction, by reducing floor space requirements, cabling and also management time. Doyle says: “If we had continued adding external appliances to our infrastructure we would be dealing with a lot of devices right now, using up lots of valuable data center space. I have talked to other customers that have hundreds and hundreds of external appliances with hundreds of key custodians trying to stay on top of managing them. Choosing the IBM Crypto Express3 allows us to avoid all this.”

Preparing for the future

Vantiv has deployed three IBM Crypto Express3 devices, with the option of up to 16 in each of its IBM z196 mainframes. This provides much-needed headroom to accommodate the rising demand for greater levels of encryption, and also manage seasonal spikes in workload.

Kesselring summarizes: “We believe that with the IBM Crypto Express3 coprocessor, we can easily scale to ten times our current capacity with no impact on encryption processing performance or response times. The process to install a new coprocessor is fairly straightforward and well-documented, meaning we can simply slot one in and have it up and running within an hour. For our purposes, we have a solution that we can consider pretty much infinitely scalable.”

Solution components
Hardware
● IBM® zEnterprise® 196 (z196)
Software
● IBM z/OS®
● IBM DB2®
● IBM CICS®

For more information

To learn more about how IBM can help you transform your business, please contact your IBM sales representative or IBM Business Partner.
Visit us at:
ibm.com/smartercomputing

Products and services used

IBM products and services that were used in this case study.

Hardware:
System z, System z: System z running z/OS, System z: zEnterprise 196 (z196)

Software:
CICS Transaction Server, CICS Transaction Gateway for z/OS, z/OS, Cryptographic Support, DB2 for z/OS

Operating system:
z/OS and OS/390

Legal Information

© Copyright IBM Corporation 2013 IBM Corporation Systems and Technology Group Route 100 Somers, NY 10589 Produced in the United States of America May 2013 IBM, the IBM logo, ibm.com, CICS, DB2, System z, zEnterprise, and z/OS are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. The client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. ZSC03155-USEN-00