Oklahoma Turnpike Authority
About the Company
The Oklahoma Turnpike Authority (OTA) is an instrumentality of the State of Oklahoma and a body corporate and politic created in 1947. The OTA is authorized to construct, maintain, repair, and operate turnpike projects at locations authorized by the Legislature of the State of Oklahoma and approved by the State Department of Transportation.
Product Used: Universal Tokens
Tokenization for cardholder data
When the OTA learned that its existing tokenization solution was being sunset, finding a new solution to protect patron cardholder data became an immediate priority. It was essential for OTA to find a tokenization provider that matched their high-security standards and ensured that the cardholder data of hundreds of thousands of customers remained safe.
Todd Harry, Business Development Manager of the Oklahoma Turnpike Authority, initially hesitated to use a third-party vendor. For something as important as payment security, he knew he needed a vendor that he could put a high amount of trust in and collaborate with. After meeting with IXOPAY representatives, he realized that the Oklahoma-based company checked every box. Todd explained, “Everything that we dreamt up, everything that we wanted to do, IXOPAY was able to deliver on. That was really wonderful.”
Reducing PCI headaches
After verifying the security and functionality of third-party tokenization, OTA realized that cloud tokenization would solve another problem: the time and effort spent verifying their PCI compliance each year. By storing cardholder data with IXOPAY, instead within OTA’s internal systems, the burden of compliance was transferred almost completely to IXOPAY.
Todd Harry explained, “Annually doing audits [on your own] takes so much more time and so much more money. It’s a lot easier to go to IXOPAY and say, ‘Let me see a copy of your self-assessment that says you guys are compliant, and I’ll pass that off to my auditor.’”
OTA’s previous PCI audits would take over a month, with eight or nine people working on the project. This year, their PCI audit took 50% less time for 80% fewer people as only one person was needed for the two weeks it took to complete the audit. The rest of the team was free to focus on other projects to propel OTA’s business forward instead of auditing an existing system.
How it works
The Oklahoma Turnpike Authority used batch tokenization to efficiently tokenize all their existing cardholder data. Then, once OTA’s data had been converted to IXOPAY tokens, the IXOPAY iFrame was implemented to capture and secure all future cardholder data.
Now, OTA’s cardholder data is tokenized and secured by IXOPAY at the moment of capture. This prevents sensitive data from entering OTA’s internal systems and reduces their PCI scope for future audits.
“From a hard dollar cost savings, I absolutely know that we’re saving money, even with the additional cost of making per-transaction fees to tokenize, because of the soft cost, the number of hours we are saving.“