nCipher Security News Release

Nutrisystem selects Thales to safeguard website transactions

Thales encryption and key management solutions provide a high assurance auditable environment and protect against card fraud

Thales, leader in information systems and communications security, announces that its encryption and key management solutions have been deployed by Nutrisystem, Inc. (NASDAQ: NTRI), a leading provider of weight management products and services to achieve compliance under the Payment Card Industry Data Security Standard (PCI DSS). This continues in line with Nutrisystem’s objective to ensure that every customer transaction is secure.

Nutrisystem has been helping America get healthy and lose weight for over 40 years. Its comprehensive weight loss program and products are sold direct to the consumer, with the vast majority of its sales made over the internet using debit or credit cards.

PCI DSS requires organizations that accept and process payment card data to apply proper controls to that data as it crosses networks, is processed in business applications and is stored in databases and archives. Thales nShield Connect hardware security modules (HSMs) provide the hardened high assurance encryption processing that enables Nutrisystem to comply with these PCI DSS requirements. Thales encryption and key management solutions deliver the comprehensive key management processes and procedures specified by the standard, eliminating time-consuming manual processes for managing and periodically updating encryption keys. Customer data is therefore provided with high assurance protection against theft or manipulation and Nutrisystem is protected from the potentially high risks and costs associated with compromised data.

“After evaluating a number of competitive solutions on the market, Nutrisystem selected Thales based on the solution’s performance, redundancy, ease of key management and integration, as well as its competitive pricing. Thales delivered a solution that perfectly matches the requirements of a complex, high transaction e-commerce business such as ours,” said Todd Sellers, Senior Director of Infrastructure and Telecom at Nutrisystem. “We required a fast and flexible system consistent with a 24/7 operation that would help us safeguard our data against theft or manipulation and meet our goal of PCI DSS compliance. The Thales Advanced Solutions Group professional services team and GEOBRIDGE, a longtime partner of Thales, quickly understood our requirements and developed a solution that enabled us to protect our data, protect our reputation and build trust with our customers.”

“From the largest merchants to the small internet stores, compliance with PCI DSS is critical to safeguarding customers’ payment card information. Thales nShield solutions reduce the cost and complexity of protecting sensitive card holder data allowing merchants to achieve PCI DSS compliance,” says Cindy Provin, President Thales eSecurity, Americas. “Thales nShield HSMs coupled with our world class professional services enable customers such as Nutrisystem to protect stored data and encryption keys as well as develop and maintain secure systems and applications that comply with PCI DSS requirements.”

Visit www.thales-esecurity.com and Thales Key Management Insights and Payments Security blogs for overviews of PCI DSS, key management issues, industry news and comment.