PCI Compliance solution
As a company we were inspired by the lack of protection that both customers and businesses have when transferring confidential client information in the travel sector. Having been, or known, a victim of credit card fraud, we decided to make a stand in an industry we understand and care about.
UNIQUE PROPERTIES / PROJECT DESCRIPTION:
PCI Booking offers online travel agents, travel management companies, computer reservation systems, hotels and channel managers a software solution to remove all payment card data from their systems. Our software ensures end-to-end protection of sensitive customer information and dramatically reduces the cost of PCI compliance.
OPERATION / FLOW / INTERACTION:
For Inbound services, PCI Booking will mask credit card data from all user web screens and API calls, store the card data within the PCI Booking service, represent each card data item as a token and return the tokens to the customer applications.
For Outbound services, the customer will be able to use their API in order to send sensitive data or to securely display card data to hotels. API requests will be submitted through the PCI Booking service with a token attached to the reservation instead of the card data. PCI Booking will replace the token with the real card data and relay the request to its destination.
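The inbound and outbound token substitution described above, sketched as an added example that is not PCI Booking's code or API. The in-memory vault, the names `TokenVault`, `inbound` and `outbound`, and the field names are assumptions made for illustration.

```python
import secrets

def luhn_ok(digits):
    """Luhn checksum, so obviously mistyped numbers are never stored."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the card store; the only place a PAN is kept."""
    def __init__(self):
        self._cards = {}

    def tokenize(self, pan):
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 12 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        token = "tok_" + secrets.token_hex(16)  # random, never derived from the PAN
        self._cards[token] = digits
        return token, "*" * (len(digits) - 4) + digits[-4:]

    def detokenize(self, token):
        return self._cards[token]               # KeyError for an unknown token

def inbound(vault, booking):
    """Inbound: strip the card number and hand the client a token plus a masked view."""
    safe = dict(booking)
    safe["card_token"], safe["card_masked"] = vault.tokenize(safe.pop("card_number"))
    return safe

def outbound(vault, request):
    """Outbound: put the real card number back just before relaying to the destination."""
    relayed = dict(request)
    relayed["card_number"] = vault.detokenize(relayed.pop("card_token"))
    relayed.pop("card_masked", None)
    return relayed

if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample booking; 4111 1111 1111 1111 is a widely used test number.
    stored = inbound(vault, {"guest": "A. Sample", "card_number": "4111 1111 1111 1111"})
    print("client system holds:", stored)
    print("relayed to hotel:   ", outbound(vault, stored))
```

The client system only ever holds the `inbound` result, so a dump of its database yields tokens and masked digits, while the card number exists only in the vault and in the relayed request.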
PROJECT DURATION AND LOCATION:
PCI Booking software was successfully launched to the travel market in the summer of 2014. The software is a natural development from our parent company InterFAX's success in delivering PCI compliant enterprise-class messaging services for the past 20 years. The project started through an informal discussion with Visa over a parent company product. During this meeting they made the jaw-dropping statement that not one of their XML suppliers was PCI compliant. From this we flew our CEO over to Visa HQ in London to discuss these XML issues with their Senior Forensic of travel and hospitality. From this point on we made it our priority to provide a PCI DSS Level 1 compliant solution that could be accredited with Attestation of Compliance (AOC) & listed with Visa Europe.
PRODUCTION / REALIZATION TECHNOLOGY:
PCI Booking offers a fully integrated card tokenisation solution to remove PCI scope from client businesses. PCI Booking is a PCI compliant level 1 solution for inbound and outbound services. The principal objective is to provide a PCI secure shield that prevents customer payment card data being open to PCI scope whilst giving our clients immediate access to relevant payment card data when required.
SPECIFICATIONS / TECHNICAL PROPERTIES:
PCI DSS LEVEL 1 COMPLIANT SOLUTION:
PCI Booking solution is PCI DSS Level 1 accredited with Attestation of Compliance (AOC) & listing with Visa Europe. Compliant with EU data protection directive which restricts personal data storage within the countries covered by the directive.
PCI compliance, PCI Booking, PCI scope, messaging solutions, PCI DSS accredited, Scope reduction, PCI shield, payment details, iFrame, payment capture
The PCI Booking project was designed around the requirement for a software solution specific to the travel industry that was PCI DSS Level 1 compliant and could be accredited with Attestation of Compliance (AOC) and listed with Visa Europe. The design was based on market research, client research and legal requirements. Pilot schemes were used to refine our software models in industry environments.
The most difficult aspect of the project was convincing the travel industry they have a real PCI compliance issue that needs addressing.
TEAM MEMBERS (4) :
Geoff Milton, Jason Perhar, Naseer Ahmad and
Geoff Milton, 2015.