Credit Agricole Group is the leading retail bank and the largest asset manager in Europe. With more than 50 million customers, 7,000 branches across 54 countries, a market cap of €23+ billion and a diverse range of products and services including retail, asset management and insurance, its mission to grow its business requires agile and secure IT infrastructure.
With ever-growing customer demand, credit card services are a key driver of the bank’s success. To keep dynamic growth and a competitive advantage, however, Credit Agricole Group has to meet strict regulatory compliance and industry standards. Secure archiving of structured credit card or payment transaction data is a must. A new business need is to securely archive unstructured data, such as digitally signed documents from retail banking business processes. This is critical to its challenge.
In 2010, the European Union introduced regulations governing the management and retention of Single European Payment Area (SEPA) financial transactions, an initiative designed to standardise the framework for making and processing electronic payments across Europe. Failure by credit card issuers (and other businesses) to meet SEPA regulations could result in prosecution and heavy fines.
Credit card issuers, including Credit Agricole Group, also have to be certified as meeting PCI-DSS (Payment Card Industry Data Security Standards) requirements. This global range of standards works to ensure the safety and security of cardholder data no matter where it is held across the globe. Card issuers unable to meet PCI-DSS can be subject to penalties and costs, could be stripped of their certification and lose the right to issue credit cards.
To meet strict compliance, it was paramount for Credit Agricole Group to securely and regularly archive credit card transaction data for as long as 10 years, while facilitating quick and easy data retrieval.
The Group was already considering a replacement of its legacy archiving solution. However, because of looming SEPA deadlines, that search became vitally important. “We required an enterprise-level, electronic archiving solution to securely store billions of transactions every year while meeting all regulatory and certification requirements; that could be deployed quickly to meet SEPA deadlines; and that would enable thousands of internal users across the bank’s footprint to quickly find and retrieve
specific structured or unstructured data assets,” said Gregoire Lundi, in charge of Service Offerings for authentication, electronic signature and archiving, Card and Payments Department, Credit Agricole Group.
Mr. Lundi also noted that the solution must be cost-effective. “Each individual bank within our Group has the right to purchase its own archiving infrastructure. As owner of the Group archiving solution, I have to convince other Group banks to use and financially contribute to a solution recommended by the Group. The banks make that decision based not only on capabilities but also on price.”
Credit Agricole Group issued an RFP for a new enterprise archiving solution. It not only considered major vendors but also SaaS models. However, Mr. Lundi quickly realised that achieving compliance would be easier and more efficient by implementing a solution on-site, one that he and his team could tightly control.
Following extensive analysis, Credit Agricole Group selected an integrated archiving, storage and data security solution from OpenText Archiving.
Mr. Lundi’s team worked closely with Documentum Professional Services to roadmap and quickly deploy an enterprise-level archiving solution. Archiving Platform drives the Group’s archiving requirements by storing vital structured and unstructured content, including all transaction records, ATM logs and customer digitised signatures captured in-branch. Thousands of Group employees, located across the bank’s branch and administrative footprint, quickly and easily access and retrieve data through the Archiving Platform intuitive web interface and/or through business applications.
To ensure security compliance, EMC RSA Data Protection Manager encrypts PCI-DSS data only (e.g. Credit card data, other data such as SEPA data is not encrypted). Data security and high performance is further enhanced with EMC enterprise data storage solutions: EMC Centera storage systems, a primary platform and a secondary storage device deployed at a separate location, ensure full data protection and synchronisation, as well as high levels of data availability.
Full security for large scale archiving
Since deploying its OpenText archiving solution (the CAESAR project Credit Agricole Electronic System for Archiving and Retrieval) Credit Agricole Group is securely archiving data associated with eight billion credit card transactions every year valued at more than €250 billion every day. This includes more than 100,000 digitised signatures captured daily in the Group’s bank branches. This is a new project that is being developed at Credit Agricole for unstructured data.
With Archiving Platform, the Group easily meets all SEPA and PCI-DSS compliance, including data security, availability and integrity requirements. The solution is also easy to use. Staff simply access the data through an intuitive Archiving Platform web interface. Searching across a variety of parameters including transaction date, customer, location and similar, employees can quickly retrieve specific data from datasets containing billions of records. With Archiving Platform, Credit Agricole staff has significantly increased efficiency and productivity by decreasing search times for documents from hours to only seconds.
Archiving Platform is also highly cost-effective. Mr Lundi illustrates this by explaining that recently another bank within the Group was considering a new archiving system. Mr. Lundi had to internally sell his new OpenText solution against stiff competition. “We beat all competitors by demonstrating that Archiving Platform was not only more effective, but it had a less expensive cost per archived gigabyte of data than any other option, including external options.”
Securely managing massive volumes with archiving platform
Mr. Lundi notes that the key to meeting vital compliance and certification requirements is keeping close control of data archiving processes. “We have to comply with regulatory requirements and we knew it would be difficult to do so with a cloud-based SaaS offering.
“With OpenText Archiving Platform, I can manage massive data volumes and meet all security standards because I use a highly secure, in-house archiving solution. Staff are happy because they can retrieve required data quickly and I’m happy because OpenText is always there to enhance their solutions, allowing us to reap even more benefits.”