Follett selects Thales for PCI DSS compliance

New Encryption and Key Management Approach Automates Manual Processes

Thales, leader in information systems and communications security, announces that Follett Higher Education Group has selected its encryption and key management solutions. As a result Follett has eliminated time-consuming manual processes for managing encryption keys – a key requirement for compliance under the Payment Card Industry Data Security Standard (PCI DSS).

Follett Higher Education Group sells more than 23 million textbooks annually in stores and online, and operates more than 700 campus bookstores for colleges and universities across the United States. For every transaction the company protects its customers’ personal data from breaches, complying with PCI DSS. Prior to selecting the Thales solution, Follett security administrators replaced or rotated old encryption keys by hand in order to fulfill one of the PCI DSS requirements.

By installing Thales hardware security modules (HSMs) from the nCipher product line, Follett has replaced time-consuming and unreliable manual processes with an automated key management, storage and generation process. Thales HSMs are deployed on a server and safely distribute encryption keys to Follett’s e-commerce and point of sale systems. As a result Follett can rotate encryption keys in a fraction of the time compared with the manual process. Thales HSMs also store the encryption keys in hardware, a best practice for protecting encryption keys.

“With Thales HSMs, we can easily protect, manage, and rotate encryption keys, enabling PCI DSS compliance without the need for expensive manual controls,” said Irwin Gafen, Follett’s director of wholesale and distribution systems. “Our keys are safe from internal and external tampering, safeguarding our encrypted data against theft or manipulation. Our customers’ personal data is protected and we are protected from the potentially high costs of compromised data.”

After evaluating a number of competitive solutions on the market, Follett selected Thales HSMs based on the solution’s flexibility and ease-of-use. Follett also capitalized on Thales’s professional services team, which reviewed the company’s security procedures, policies, and systems. The team then developed an implementation plan that fully supported Follett’s needs and continued PCI DSS compliance.

“The increasingly high standards of regulation and industry best practices require organizations to better protect sensitive data such as customer details and credit card account information, and encryption has emerged as the preferred method for achieving this,” says Serge Dujardin, Vice President Sales for the information systems security activities of Thales. “The Thales nCipher product line delivers a versatile platform that allows companies of all sizes to securely and cost-effectively protect their data and comply with PCI DSS requirements. We are delighted that Follett have chosen Thales HSMs to protect their sensitive customer data.”

About Follett Higher Education Group

Follett Higher Education Group of Oak Brook, Illinois, is the leading provider of bookstore services and the foremost supplier of used books in North America. Follett services five million students and over 400,000 faculty members through more than 700 stores. Follett also services more than 1,600 independent campus stores with its wholesale services, and has the most visited ecommerce collegiate website, which provides services and products through a network of more than 900 campus stores.