A More Efficient PCI Compliance Process

April 25, 2012

There’s no question that data security is a significant risk in online retail. Given the threat posed to payment card users by these attacks, it is no surprise that the payment card industry has responded with the stringent data processing and storage requirements spelled out in the Payment Card Industry Data Security Standards (PCI DSS).

The Datalex Travel Distribution Platform (TDP) is an e-commerce retail platform for leading airlines and travel distributors around the world. This highly available, PCI compliant, hosted infrastructure delivers shopping, reservations and reward offerings to approximately 95 million travelers worldwide each year.

As such, we continue to look at new innovative and effective approaches to provide the level of security our customers and travelers expect while making sure the solution was flexible enough to meet the demand of travel retailers in a cost-effective manner. On review of our process with our PCI Qualified Security Assessor (QSA), we found that wrapping our TDP services with a PCI-compliant tokenization service allowed us to focus compliance efforts providing a more flexible framework for the introduction of new functionality and integration of third party services.


We created the Datalex Tokenization System, a storage and transmission system that wraps around TDP and handles and stores all payment card data, isolating that data from other TDP services. By making the Datalex Tokenization service fully PCI-compliant we are able to maximize security for traveler information. The Tokenization service intercepts payment card data at the point it is entered by a traveler and then passes a token to other TDP services to represent the stored data. For enhanced security, the token is simply a randomized value that replaces the payment information but does not contain any sensitive data itself. Any TDP service can use the token to confirm that the data has been entered and approved.

When the sensitive information is needed by a third-party system, TDP sends the token which is intercepted en-route by the tokenization service and replaced with the appropriate information. TDP retail services can easily use the tokenization service to integrate securely with third-party systems. This new approach was validated in August 2011 when the PCI Standards Counsel issued this report formally endorsing our approach to Tokenization as an effective compliance tool.

Will Gordon, Datalex Information Security Manager and Ken Labach, Datalex Counsel.

Latest Datalex News

May 29, 2023
Last week, the airline industry came together at FTE EMEA & Ancillary in Datalex’s hometown of Dublin to discuss digital retail priorities for 2023 and beyond. A strong appetite for unified offers &...
Read More
May 23, 2023
Datalex is delighted to announce that we have officially been named as one of Ireland's Best Workplaces in Tech in 2023 for a third year running, after a thorough and independent analysis conducted...
Read More
May 10, 2023
This renewal extends the Datalex and Edelweiss partnership for another 5 years to transform Edelweiss’s digital retailing strategy WEDNESDAY 10th MAY 2023 - ZURICH, SWITZERLAND - Datalex, a market...
Read More