Retail point of sale provider provides PCI compliance and easy multi-factor authentication with YubiKey

The challenge: deliver a convenient and secure means of meeting MFA requirements for PCI compliance

Retail and restaurant managers run their businesses from Line-of-Business management software, often tied to Point-of-Sale systems. These organizations are under increasing pressure to secure both internal and cloud-based assets in a manner that meets PCI (Payment Card Industry) compliance requirements. RCS sought a robust, convenient, and manageable secondary/multi-factor authentication solution that could be used internally by RCS to secure administrative access to their systems, as well as integrated with the RCS software portfolio to protect their customer’s access to sensitive data. The challenge would be to select a method that provided the highest levels of security required by PCI compliance, while also ensuring that the use of strong authentication did not become a bottleneck for RCS’s desired customer experience.

Further, when implemented, the authentication method would need to not only scale with the growth of both the RCS customer base, but also their client’s growth and needs.

YubiKeys coupled with Cisco’s Duo Security multi-factor authentication provided an easily understood, implemented, and managed solution for RCS and their clients.

The solution: YubiKeys simplify strong authentication within an easily managed platform

“We decided to utilize YubiKeys to streamline authentication to our Duo implementation. Obtaining YubiKeys is very straightforward and it is a very easy process for us to manage and deploy to our end-user customers.” Dustin continues, “The ability to say, ‘With the YubiKeys, we offer a PCI compliant environment for you’, opens the door much easier with our more security conscious clients. The PCI-DSS compliance mandated by the payment card industry also increased the marketability of the RCS platform to agencies requiring audited compliance merits from MFA implementation into the RCS product line.” Users enjoy the convenience and simplicity of touching the YubiKey when prompted for multi-factor authentication. We were able to easily roll them out to our existing customers, and have also begun including YubiKeys as part of the onboarding process for new customers as well.

RCS, in a typical 48 hour period, authenticates over 11,000+ user logins with YubiKeys. YubiKeys are used to protect devices, as well as specific users and shared-user profiles. The current platform, at last count, supports some 2500+ identities, as a mixture of device and user authentication completions.

RCS recently upgraded to YubiKey 5 Series keys, supporting open standards-based protocols such as FIDO2 / WebAuthn, FIDO U2F, Smart Card, OATH-OTP, and more, which provides a flexible platform to enable new strong authentication workflows using the same YubiKeys customers already have in the field.

“Instead of YubiKey being a highly recommended solution for our clients, we’re moving towards making them a required solution. We are building it into our hosting suite, and into our user fees.”

The results: client MFA integration with LoB applications, platforms, and audited compliance

• Convenient and secure MFA managed across 2500+ identities, powering over 11,000 authentications every day.
• Easy integration with Duo for multi-factor authentication and platform management capabilities. Moves/adds/changes are managed from a single console.
• Ability to secure endpoints, whether desktop computers, laptops, or POS hardware into a unified authentication platform that aids in security and PCI compliance.
• Low support costs with added authentication due to simplicity of the platform.
• YubiKeys multi-protocol support positioned to meet future authentication needs.