IATA’s new NDC schema is one of the 4 key drivers of change in the payment-related market for airlines. Integrated payment capabilities bring interesting opportunities for the whole value chain. Not only can the payment process be streamlined, it can also easily be made more secure and efficient. Together with InteRES, one of the leading travel technology companies serving world-class airlines and NDC pioneers, we jointly developed a secure in-funnel payment solution for NDC messaging – with more features and solutions to follow soon. The team just recently introduced the new NDC payment solution at IATA’s World Passenger Symposium in Barcelona.
If you operate with Booking.com, you might receive credit card data via XML even if you are not PCI DSS compliant yet. This will change shortly, because Booking.com set a deadline to remove all credit card details from the XML messages of the properties you connect to unless you upload a valid PCI DSS Attestation of Compliance (AoC) or Self-Assessment-Questionnaire-D (SAQ), depending on the yearly processed volume of credit cards.
First things first, why do I have to upload an AoC?
PCI DSS compliance and cardholder security are topics travel-technology startups rarely speak about, not least because they are challenging and involve time and money without immediate and tangible returns. Whether you are bootstrapping or backed by external funds, you should be very conscious of PCI compliance, because a breach will hit you not only financially but also reputationally. So it’s crucial to gain customers’ trust and loyalty.
As a startup, there are basically two approaches to achieving PCI compliance. You can either build your own PCI-compliant environment from scratch or use a proxy tokenization solution as a service. More information about this make-or-buy approach can be found in our latest blog post.
Taking that into account, let’s find out how startup Bookiply initially approached PCI DSS compliance, what was important in choosing a solution and what made them trust PCI Proxy to keep their cardholder data safe. We had the pleasure of chatting with Amélie, Product Manager at Bookiply.
To check whether a credit card is valid, stolen or exceeded, it is still common practice to authorize a small amount (1 EUR), a so-called ghost authorization, before authorizing an actual booking or purchase. This important fraud prevention feature verifies the account holder and provides information about the validity of the credit card. The only problem is that the authorization still shows up on the cardholder’s statement. As a result, it might cause confusion and suspicion among customers.
To avoid this confusion, payment networks introduced an alternative way to check the validity of credit cards: authorizing a zero amount instead of an actual value. The main benefit is that the authorization does not appear on the customer’s statement.