PayLease

,

Want to learn about Alert Logic solutions?

PayLease   Download The Case Study

Property Management Payments Secured
Achieving PCI Level 1 Compliance

As the leading payment processor for the property management industry, PayLease handles sensitive financial data every day - serving the residential, homeowner association, student housing and corporate housing markets. They provide property managers a platform to process rent, dues, and lease payments electronically, giving users centralized management and faster processing time.

The Challenge

Wade Williams, Chief Technology Officer at PayLease, explains, “PCI Level 1 compliance is first and foremost about being as safe and secure as you can be. From a business perspective, it also represents a competitive advantage.” Each of the PCI DSS levels set different standards to compliance assessment requirements. For instance, Level 1 merchants need to be assessed by an independent Qualified Security Assessor (QSA) with an annual on-site audit. By comparison, a Level 3 merchant will only have compliance assessed with the completion of an SAQ (Self-Assessment Questionnaire). This difference is significant and is easily recognized by customers.

The challenge was to find the right security solution to set the PCI DSS level 1 compliance plan in motion and to establish the best security practices year over year. Their search led them to Rackspace, a leading managed hosting provider, which provided a PCI compliant datacenter with an intrusion detection system (IDS). During the data migration, the Rackspace team recommended Alert Logic’s managed solutions to meet PayLease’s security and compliance needs.


This will be our fourth year consecutively that we’ve been able to achieve Level 1 status, which is great. This is why we chose to partner with Alert Logic and Rackspace.

Wade Williams, Chief Technology Officer at PayLease

Why Alert Logic?

Williams explained, “The Alert Logic LogReview service initially caught my attention, as we needed a very thorough and ongoing log management process. In addition to that, once I realized we could use Alert Logic as our operational vulnerability scanning ASV solution, I promptly let our other security vendor go and we configured Alert Logic to perform our vulnerability scanning. Shortly thereafter, we became PCI Level 1 compliant.

The Results

PayLease is now listed on the MasterCard and Visa website as PCI Level 1 compliant. Since Wade receives all of this reporting proactively from the Alert Logic team, he has his PCI regulations covered and can avoid hiring a dedicated person to review those logs every day.

PayLease also experiences significant ROI from the Rackspace partnership. Having the Rackers involved with set up, configuration, and other tasks like adding memory or disks or adding a node to the cluster is invaluable. “There is that ROI piece, but then there is the partnership piece that means even more in my view. When I can go to the Board and sit in front of big clients and auditors and show that I’m partnered with PCI Level 1 folks at the datacenter, it carries a lot of weight,” stated Williams.