In July, we celebrated a huge milestone in our company’s history; we acquired PCIFY, a native-Salesforce application that helps businesses using Salesforce stay PCI compliant by actively monitoring and safeguarding their customer data. As a company with roots firmly planted in the payment processing industry, we know first-hand how overwhelming and time-consuming compliance can be to navigate and yet, how necessary and vital an obligation it is to uphold.

As our first acquisition, it was imperative that PCIFY aligned with our mission and culture. We were immediately struck by PCIFY’s ease of use, especially given the tremendous amount of peace of mind it affords IT teams, Security Assessors, and really anyone looking to protect their Salesforce infrastructure.

Fortunately, we had the privilege of getting to know and befriend Matt Parker, PCIFY’s founder, which has made the acquisition all the more meaningful. We owe him a shoutout, as he went out of his way to ensure we had all the resources and documentation we needed to provide PCIFY’s customers the same level of stellar support they had come to expect.

Now, almost three months later, we are delighted to announce we are changing PCIFY’s name to Blackthorn Compliance. We wanted the app’s name to reflect the full breadth of PCIFY’s capabilities as a data compliance solution that can operate on a global scale. Beyond masking credit cards and mitigating potential PCI-related risks, Blackthorn Compliance can be used to prevent any sensitive data (that follows a pattern) from entering a Salesforce org, including PII.

This name change also represents a first and pivotal step towards our grander vision for the future. Our goal is to become a one-stop-shop for companies looking for apps designed to accelerate their growth, strengthen their customer relationships, and unlock the full power of their data. With Blackthorn Compliance, we can proudly offer our customers and partners a Blackthorn-backed solution that takes the hassle out of maintaining a secure and risk-free Salesforce environment while preserving their data’s integrity.

We’re confident this name change will help us achieve even more exciting milestones to come.

*If you’re interested in learning more about our vision and product roadmap, we invite you to watch this video from our CEO, Chris Federspiel.

Why Compliance, Why Now?

More than ever, companies need to be vigilant about protecting their data. Cybercriminal activity is growing in sophistication and frequency despite global safety efforts. In 2021, data breaches cost companies an average of $4.24 Million – a 10% increase from last year.

The global pandemic, particularly the influx of remote workers and increased reliance on cloud technologies has posed new challenges. To stay safe, companies must make compliance a top priority.

In this article, we will take a closer look at PCI-Compliance and PII, their role in data management, highlight how Blackthorn Compliance supports security standards to keep Salesforce orgs safe, and what benefits Blackthorn Compliance can bring to your operations.

What is PCI-Compliance?

PCI-Compliance refers to a framework of security standards established by the Payment Card Industry Security Standards Council (PCI SSC) to protect cardholder data and reduce credit card fraud.

Founded in 2006 by representatives from American Express, Discover, JCB International, MasterCard, and Visa Inc., the Security Standards Council promotes the global adoption of data security standards across the entire payment card ecosystem. Along with providing services and implementation resources encompassing prevention and detection, the council makes ongoing recommendations to facilitate emerging technologies in the payment industry.

While the council sets forth the requirements, enforcement of PCI DSS falls outside the scope of the SSC and is instead the responsibility of the individual payment card brands or acquirers.

There are 12 technical requirements to follow, known collectively as the Payment Card Industry Data Security Standard (PCI DSS). These requirements apply to all businesses that process, store, or transmit credit card data and other sensitive information. Alongside these requirements, there are varying levels of compliance (from 1 to 4) that an organization must adhere to depending upon the volume of transactions they handle a year.

Why is PCI-Compliance Important?

PCI compliance sets a global benchmark for creating secure environments and establishing consumer trust. Companies that neglect PCI compliance run the risk of cybersecurity attacks, data loss, and can be charged steep fines for violations or worse, damages due to a breach.

What is PII?

PII stands for Personally Identifiable Information or data by which an individual’s identity can be directly linked or inferred. Social Security Numbers, driver’s license numbers, and financial records are all examples of PII. With the advancement of technology and machine learning, PII has, in some cases, been extended to include IP addresses and login IDs.

Like transaction data, PII requires safeguarding as exposing PII can inflict harm on consumers, tarnish a businesses’ reputation, and lead to lawsuits and hefty fines.

In the US, PII falls under the umbrella of several laws. In the EU, PII is defined and mandated by the General Data Protection Regulation (GDPR).

Isn’t Salesforce Already PCI-Compliant?

By default, Salesforce maintains PCI DSS certification at Compliance Level 1, as a platform. But for businesses with mature orgs that have custom components or integrations to collect customer payment data, or that rely heavily on data migrations, additional monitoring and management is required to stay PCI compliant.

How Does Blackthorn Compliance Protect PII and Credit Card Data in Salesforce Orgs?

Blackthorn Compliance helps ensure companies are PCI compliant by finding and automatically masking credit card numbers and PII data in their Salesforce org. Using pattern recognition, Blackthorn Compliance scans strings of text for numbers that match the format of known credit card issuers or identification numbers. Blackthorn Compliance then automatically masks those numbers (with asterisks), to disguise important financial information and keep personal details anonymous, in accordance with the SSC’s best practices.

Having the ability to effortlessly scan your org, is critical for teams who use Salesforce for Email-to-Case, Web-to-Case, API to Case, Customer Communities, or to store external communications. By doing so, you’re essentially inviting the risk of customers sending their personal information. Even if you train your customer service agents to delete or encrypt sensitive data, it can get stored unknowingly, creating pockets of vulnerability.

Blackthorn Compliance breaks the cycle (or never-ending game of Whac-A-Mole) by preventing new, harmful data from entering in the first place and uncovering any historical data that may pose a threat.

Can Blackthorn Compliance be Customized?

Once installed, Blackthorn Compliance goes to work immediately. It comes preloaded with detection and auditing for many standard objects but can be easily customized to detect other objects.

What Objects are Supported?

Blackthorn Compliance is pre-configured to support Cases, Case Comments, and Tasks in Salesforce. Email-to-Case, Chatter, and LiveAgent Chat can be supported by installing our extension packages. Attachments and Files are also available for support with our SecureAttachment add-on.

Blackthorn Compliance can also be customized to support international detection patterns, such as credit card sequences and national identification numbers beyond the predefined ones provided.

What are the Benefits of Blackthorn Compliance?

While seemingly daunting, effectively monitoring threats and navigating regulatory requirements is manageable with the right solution and approach. Blackthorn Compliance provides many out-of-the-box features and benefits to help simplify and strengthen your compliance efforts and act on threats immediately:

  1. Run Real-Time and Historical Scans

Blackthorn Compliance takes the hassle out of a big piece of the compliance puzzle – CRM maintenance, by enabling you to run real-time reports and historical audits of your Salesforce data. When running an audit, you can select your desired time frame and if you want your data masked, deleted, or flagged and compiled into a report. This visibility enables you to pinpoint where vulnerable data is coming in to inform your overall strategy protocols and rapidly configure additional objects as needed.

  1. Streamline Reporting

Upon completion of the audit, an email notification is sent, and all the results are stored in records called “Logs”, which can be individually accessed. Having a verifiable audit log showing what was changed and where makes conducting audits easy and dramatically cuts down the time spent sifting through data. Our built-in reports and dashboards are there to provide granular, real-time insights to demonstrate compliance readiness or quickly assess and remediate issues.

  1. Proactive Approach to Data Management

Beyond providing documentation for an audit or mitigating a potential data crisis, Blackthorn Compliance works to keep your Salesforce instance free of sensitive data in the first place. As soon as it is turned on, Blackthorn Compliance blocks records with credit card numbers from entering. If you want to block other numbers or fields instantly, you can extend detection to additional objects and set up new triggers.

  1. Ease of Use and Flexibility

Blackthorn Compliance is surprisingly easy to install and configure. Within minutes, it goes to work and can process large quantities of data following Batch Apex rules.

Having software in place that can stay ahead of vulnerabilities and automate data management is crucial for any organization handling payment and personal data. Blackthorn Compliance helps effectively manage compliance by streamlining detection across your entire Salesforce instance. If your organization is looking for a compliance solution with auto-detection and built-in reporting capabilities, we’d love to show you how Blackthorn Compliance can improve your management processes today. 

Want to see if your org has non-compliant data for free?

Run an audit of your Salesforce org data in just 10 minutes by installing from the Salesforce AppExchange today.

Security Intelligence – Remote Work Trends

PCI Security Standards

What is PII?