If you work with Booking.com, you might receive credit card data via XML even if you are not yet PCI DSS compliant. This will change shortly: Booking.com has set a deadline for removing all credit card details from the XML messages of the properties you connect to, unless you upload a valid PCI DSS Attestation of Compliance (AoC) or Self-Assessment Questionnaire D (SAQ), depending on the yearly processed volume of credit cards.
PCI DSS compliance and cardholder security are topics travel-technology startups rarely speak about, not least because they are challenging and cost time and money without immediate, tangible returns. Whether you are bootstrapping or backed by external funds, you should be very conscious of PCI compliance, because a breach will hit you not only financially but also in terms of reputation. So it’s crucial to gain customers’ trust and loyalty.
As a startup, you have basically two approaches to achieving PCI compliance. You can either build your own PCI-compliant environment from scratch or use a proxy tokenization solution as a service. More information about this make-or-buy approach can be found in our latest blog post.
Taking that into account, let’s find out how the startup Bookiply initially approached PCI DSS compliance, what was important in choosing a solution, and what made them trust PCI Proxy to keep their cardholder data safe. To that end, we had the pleasure of chatting with Amélie, Product Manager at Bookiply.