Reminder: Upload your AoC for

23. March 2018 in General

If you operate with, you might receive credit card data via XML even if you are not PCI DSS compliant yet. This will change shortly, because set a deadline to remove all credit card details from the XML messages of the properties you connect to unless you upload a valid PCI DSS Attestation of Compliance (AoC) or Self-Assessment-Questionnaire-D (SAQ), depending on the yearly processed volume of credit cards.

First things first, why do I have to upload an AoC?

Continue reading »

Insights: How startups deal with PCI

23. November 2017 in General

PCI DSS compliance and cardholder security is a topic travel-technology startups rarely speak about, not least because it’s challenging and involves time and money without immediate and tangible returns. No matter whether you are bootstrapping or backed by external funds, you should be very conscious about PCI compliance because a breach will not only hit you financially but also on reputation-level. So it’s crucial to gain customers’ trust and loyalty.

As a startup, there are basically two approaches to achieve PCI compliance. You can either build your own PCI compliant environment from scratch or use a proxy tokenization solution as a service. More information about this make or buy approach can be found on our latest blog.

Taking that into account, let’s find out how startup Bookiply initially approached PCI DSS compliance, what was important for choosing a solution and what made them trust in PCI Proxy to keep their cardholder data safe. Therefore we had the pleasure to chat with Amélie, Product Manager at Bookiply.

Continue reading »