Technologies: Dynamics 365 Sales
Project Partner: Marco Seabra
Project Duration: 3-weeks
A national insurance client was interested in developing a cross-selling program to increase their per-client revenue. They considered developing the program in-house but decided the effort would be best handled by a company that specializes in cross-selling. For the selected vendor to effectively execute a cross-sell strategy, the client knew they would need to create a conduit to transfer confidential customer profile and financial data from their existing CRM to the vendor of choice. To ensure the transfer of data was Payment Card Industry (PCI) compliant, the CRM would need a Secure Socket Layer (SSL) with field-level encryption on all credit card and bank account numbers.
The client chose the expertise of Alternetics and the new platform to be Dynamics CRM. All sensitive information needed to be securely moved to Dynamics. Storing data while maintaining PCI compliance would prove to be a significant challenge.
We determined these to be the steps to the solution:
- Address the SSL requirement.
- Prepare CRM data for internal encryption.
- Extract same data to a local disk in a decrypted manner.
- Propagate relevant files to a secure space maintaining PCI compliance
- Securely transmit data to Dynamics CRM.
To start, the client purchased an SSL certificate; and, we created an SSL website and hosted it on the client’s IIS server. We established encryption routines per their IT requirements. Next, we modified the CRM form to add read-only financial-level fields as a ‘placeholder’ to display the future encrypted data. We then created an ASPX page with all of the same financial-level fields to match those now in the CRM form. A custom “Payment Encryption “ button was added to the CRM ribbon for the user to launch a new window and enter the financial details on the SSL-secured ASPX page. Decrypted data was then exported via SFTP using a custom SSIS package, per the vendor’s requirements. To upload the data on SFTP, we created a Windows tool that accepted an Excel file and the shared key needed to decrypt the data.
This insurance company can now generate additional revenue by cross selling products and services supported by a PCI-compliant platform. They are impressed with the integrity of the solution and have peace of mind that all data is secure.
Here’s to business growth!