A More Efficient PCI Compliance Process

April 25, 2012

There’s no question that data security is a significant risk in online retail. Given the threat posed to payment card users by these attacks, it is no surprise that the payment card industry has responded with the stringent data processing and storage requirements spelled out in the Payment Card Industry Data Security Standards (PCI DSS).

The Datalex Travel Distribution Platform (TDP) is an e-commerce retail platform for leading airlines and travel distributors around the world. This highly available, PCI compliant, hosted infrastructure delivers shopping, reservations and reward offerings to approximately 95 million travelers worldwide each year.

As such, we continue to look at new innovative and effective approaches to provide the level of security our customers and travelers expect while making sure the solution was flexible enough to meet the demand of travel retailers in a cost-effective manner. On review of our process with our PCI Qualified Security Assessor (QSA), we found that wrapping our TDP services with a PCI-compliant tokenization service allowed us to focus compliance efforts providing a more flexible framework for the introduction of new functionality and integration of third party services.

TOKENIZATION

We created the Datalex Tokenization System, a storage and transmission system that wraps around TDP and handles and stores all payment card data, isolating that data from other TDP services. By making the Datalex Tokenization service fully PCI-compliant we are able to maximize security for traveler information. The Tokenization service intercepts payment card data at the point it is entered by a traveler and then passes a token to other TDP services to represent the stored data. For enhanced security, the token is simply a randomized value that replaces the payment information but does not contain any sensitive data itself. Any TDP service can use the token to confirm that the data has been entered and approved.

When the sensitive information is needed by a third-party system, TDP sends the token which is intercepted en-route by the tokenization service and replaced with the appropriate information. TDP retail services can easily use the tokenization service to integrate securely with third-party systems. This new approach was validated in August 2011 when the PCI Standards Counsel issued this report formally endorsing our approach to Tokenization as an effective compliance tool.

Will Gordon, Datalex Information Security Manager and Ken Labach, Datalex Counsel.

Latest Datalex News

May 7, 2024
#1 – 2024 is the year of Offer & Order Implementation The industry’s transition to 100% Offers & Orders has been a huge topic of discussion in recent years, however, we’re only starting to see...
Read More
April 23, 2024
Dublin, Ireland, 19 April 2024: Datalex plc ("Datalex", the "Company" or the "Group") (Euronext Growth Dublin: DLE), a market leader in airline e-commerce solutions, today announces that Steven...
Read More
March 6, 2024
Last week, the airline industry came together at the Aviation Festival Asia event in Singapore to discuss airline retailing innovation and the need for retail transformation free of legacy...
Read More