Security is an asset that must be worked on from the inside out; it is the foundation of any business. Being recognised as a company that handles payment card data efficiently therefore makes us stand out from the rest, and even more so when this becomes a common occurrence.
This is the fourth consecutive year that Idiso Hotel Distribution has been recognised with the Payment Card Industry Data Security Standard certificate, for storing the credit card data needed to take bookings and help our clients. With this certificate, services and products such as the Call Centre and the Idiso Booking Engine guarantee hotels a safer service.
How did the award come about and how can companies obtain it?
Since 2006, the mission of the PCI Security Standards Council has been to increase the security of data related to payment accounts by promoting training and providing information on the PCI (Payment Card Industry) Security Regulations. The founding companies behind this organization are American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. The great advantage of implementing the PCI regulations is that they have unified the criteria for protecting card data. This involves meeting 12 important requirements:
1) Install and maintain a secure firewall
2) Avoid using default parameters
3) Guarantee the protection of stored data
4) Encrypt the data of cards using open public networks
5) Constantly update the antivirus
6) Develop and maintain secure applications and systems
7) Restrict clients’ access to certain data
8) Assign a unique ID to each client
9) Limit physical access to data
10) Track and monitor all data
11) Constantly evaluate the system’s security
12) Opt for a solid safety policy including all employee and customer data
Apart from this, to obtain the PCI certificate a company must pass four yearly audits, one every three months, known as scans, which must have a perfect result. During these tests Idiso has passed exams that demand:
- Vulnerability scans and possible mid-high level corrections.
- Technical evidence that the 12 requirements are being met, such as a yearly risk assessment, training plans, technical demonstration of configuration, or presenting a guaranteed business continuity plan. This refers to the response protocols that the company has in place in case an incident were to arise, as well as the possible solutions.
For example, if a call centre were to go offline, the one that is still in operation would take over. In this way the service will never stop.
Ernesto Juanico, member of the Idiso Systems team, stresses that passing the audit is a costly process.
“Receiving the PCI certificate involves a lot of work; it is like a job. Each year we learn from the previous one”, he explains.
At the same time, our expert points out that this certificate is not just a passing trend, but has become established. “Large companies like Microsoft or Amazon and important banks such as BBVA, Santander or La Caixa, now meet these regulations in the TPV payment service”, he concludes.
Having shown the weight behind the PCI regulations, it is worth remembering the benefits for the company:
1) Protection for client card data and that of the hotels we render services to.
2) We maintain consumer confidence because of the high data safety level.
3) We stand out, which is a great benefit in this competitive market.
4) It safeguards the reputation of our trademark.
5) There is a decrease in possible financial loss and loss of image due to security risks.
Aurelio Palmer, Manager of Idiso’s Information Systems, explains the vital importance of using this standard for a technology company in the tourist trade: “Idiso has now passed four yearly audits to achieve the PCI-DSS certification. This took cooperation and involvement from all the departments. All the specific, essential tests are worthless if the people who deal with the card data are not careful and do not commit to sticking to the regulations.
Therefore it is important for all teams involved (Call centre, Back office, technical teams, etc.) to work together so that their commitment and day-to-day work is evidence of excellence”, he explains.
He adds: “With more than 1,000,000,000 transactions processed, with an average of 0.15 seconds for availability requests, through Idiso’s CRS, coming from booking engines, connectivities, GDSs, CallCentre, etc., it is clear that safety is a team effort”.
Here at Idiso we will not rest on our laurels; we aspire to obtain the PCI-DSS certificate year after year.