Key Results:
- 325 employees covered by Nightfall AI
- 600 endpoints protected across the organization
- 45% of security issues automatically remediated
- <5% false positive rate for maximum efficiency
- 2.4 hours mean time to eliminate exposure or exfiltration risk
The Challenge: Complex PCI Compliance Demands
Onbe is a leading payment technology company providing comprehensive financial technology solutions for businesses worldwide. Specializing in payment processing, disbursements, and other financial services, the company handles highly sensitive cardholder information every day, making PCI compliance and robust data security absolutely essential.
The organization’s heavy use of collaborative platforms like JIRA and Confluence across multiple departments—customer support, IT operations, offshore production support, security, QA, implementation, sales, client success, and product marketing teams—meant that sensitive information could be exposed in multiple ways. Without visibility into these data flows, Onbe had no way to protect sensitive data or to prove compliance to auditors and stakeholders.
Gaining Visibility into PCI Compliance Posture
The Risk: Without real-time insight into where sensitive cardholder data might be stored or shared, Onbe’s security team had no way to ensure compliance or prevent accidental exposure. This lack of visibility was a critical blind spot for meeting PCI requirements.
How Nightfall Helps: Nightfall continuously scans JIRA and Confluence for sensitive data, providing immediate visibility into risks and actionable intelligence for remediation.
The Impact: "Without visibility, we can’t truly say we’re protecting sensitive items. The ultimate goal was to gain that visibility by having something actively scanning so we can see what’s happening and how we’re controlling it," says Theresa Branch, Information Security Governance Risk and Compliance Analyst at Onbe.
Protecting Cardholder Data in JIRA
The Risk: JIRA serves as the operational backbone for almost every team at Onbe. Sensitive cardholder data could easily appear in tickets, creating PCI compliance risk with far-reaching implications if exposed.
How Nightfall Helps: By monitoring all JIRA activity in real time, Nightfall detects, redacts, and remediates sensitive information before it can cause a compliance violation. Onbe implemented sophisticated data masking with proxy numbers and comprehensive protection protocols, with Nightfall serving as a critical control layer monitoring every interaction.
The Impact: "Strong security controls in JIRA are a must for Onbe, because the requests we track are sensitive and we must do everything we can to protect our client data," says Theresa.
Educating the Team on Safe Collaboration in Confluence
The Risk: Confluence is where teams document processes, share knowledge, and collaborate across departments. But without safeguards, sensitive customer data or internal process details could be inadvertently shared with unauthorized users. Onbe needed a way to monitor user behavior in Confluence and then educate their people on how to collaborate safely and securely when sharing documents and setting file permissions.
How Nightfall Helps: Nightfall scans Confluence content in real time for sensitive data, preventing accidental exposure and ensuring documentation complies with PCI requirements.
The Impact: "Nightfall is educating our staff and training all of us to be more PCI-compliant. I’ve noticed our team is much more careful now. Early on, people didn’t realize their actions carried risk. With the remediation features and reporting we get from Nightfall, our security and compliance communications are even more effective," says Theresa.
Securing QA and Testing Environments
The Risk: QA and development teams sometimes used real customer data in test environments without realizing the compliance implications. These environments often went unmonitored, creating invisible compliance gaps.
How Nightfall Helps: Nightfall revealed these blind spots, enabling the security team to engage with development teams and enforce secure testing practices.
The Impact: "We didn’t know much about the risks that existed within our QA environment until we started using Nightfall. Now we can see how QA tests are conducted and investigate if data truly is protected and if client information is secure, and then take the right actions," says Theresa.
The Results
Accurate Detection Without Alert Fatigue
With a false positive rate of less than 5%, Nightfall ensures the security team focuses only on real threats. This accuracy eliminates wasted time on non-issues while maintaining comprehensive coverage.
Reliable Automated Remediation and User Education
Nightfall automatically remediates 45% of security issues while empowering employees to address incidents themselves through guided alerts. This approach not only reduces exposure risk but also trains staff to handle sensitive data more carefully.
Faster Incident Response and Reduced Risk Exposure
With a mean time of just 2.4 hours to eliminate exposure or exfiltration risk, Nightfall enables Onbe to respond to potential incidents almost immediately.
Supporting Governance, Risk, and Compliance (GRC) Program Development
Nightfall’s accurate scanning and detailed reporting became the foundation for Onbe’s GRC program. Monthly metrics now inform board-level reports, guide HR-led training, and help update policies to close identified security gaps.
"Using Nightfall to reduce exposure risk has been easy because everything is automated. All the information is collected and organized for me, so I can make decisions quickly without extra effort," says Theresa.
DLP brings security and compliance together in one place
In the payments industry, PCI compliance is a constant operational priority. For Onbe, securing sensitive cardholder information across multiple platforms and workflows is critical to protecting both customers and the business. Nightfall has become integral to that mission, providing not just technical safeguards but also a way to evidence risk management, vulnerability management, and threat mitigation.
"Nightfall is incredibly accurate, which means it’s reliable. And reliability makes it worth the investment into DLP. I’ve never once questioned the value of Nightfall," says Theresa.
The Bottom Line: Onbe eliminated critical PCI compliance risks across its collaborative and testing environments, empowered employees with secure data handling practices, and transformed its security posture, without slowing business operations. In financial services, where a single exposure can mean millions in fines and lost trust, DLP isn’t optional. It’s the frontline defense that keeps sensitive data safe while enabling the business to move at full speed.