Security is the foundation of any business and is an asset that must be built from the inside out. Being recognised as a company that handles card data efficiently therefore gives us special value, especially when it becomes something of a habit.
This is the fifth consecutive year that Idiso Hotel Distribution has been awarded the Payment Card Industry Data Security Standard (PCI DSS) certification, for storing the credit card data provided by clients to the reservations and customer service departments. We can therefore claim that Idiso’s services and products like the Call Center and Booking Engine guarantee a safer service for hotels.
The major news is that Idiso has this year confirmed its PCI DSS certificate, using version 3.1 of the regulations as a reference point, which has meant, among other things, eliminating SSL as the protocol for secure communication.
What is PCI-DSS?
The mission of the PCI Security Standards Council, since 2006, has been to increase the security of payment account data by promoting education and knowledge of the PCI (payment card industry) security regulations. The companies responsible for founding the organization are American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. The huge advantage of implementing the PCI regulation is that it has managed to unify criteria when it comes to dealing with the protection of credit card data, based on 12 main requirements:
1) Install and maintain a secure firewall configuration
2) Avoid using parameters set by default
3) Guarantee the protection of stored data
4) Encrypt card data transmitted across open public networks
5) Constantly update antivirus software
6) Develop and maintain secure applications and systems
7) Restrict client access to certain data
8) Assign a unique ID to each client
9) Limit physical access to data
10) Trace and monitor all data
11) Constantly evaluate the security system
12) Use a solid security policy covering all data, whether it belongs to workers or clients.
Additionally, to obtain the PCI-DSS certification the company must undergo vulnerability tests by authorised security experts (ASV). Idiso has successfully passed all the tests it has been submitted to:
- Tests for vulnerabilities and their possible correction at a mid to high level.
- Technical evidence of compliance with the 12 requirements, such as a yearly risk assessment, training plans, technical configuration demonstrations or presenting a guaranteed business continuity plan. The latter refers to protocols that a company has in place to respond to an incident as well as any possible solutions. For example: if one of the Contact Centres is down the remaining one takes over. Therefore the service never stops.
Idiso’s Head of Security for Management of Information Systems, Ernesto Juanico, stresses that passing a PCI audit is a costly process.
“It takes a lot of work to maintain the PCI DSS certificate. It involves continual work. Every year we learn from the previous year; this year there have been some changes based on the new version of the regulation,” he explains.
Our expert also points out that this certificate is not just a passing trend; it is becoming consolidated. “Large companies such as Microsoft and Amazon or banks like BBVA, Santander or La Caixa already comply with this regulation for their TPV payment services. Security is not a whim; it is a necessity, as can be proved by thousands of cases,” he concludes.
It is worth remembering the main benefits that Idiso can offer its clients thanks to the possession of this certification.
1) Protection of the hotel’s clients’ credit card details.
2) Maintaining consumer trust thanks to increased data security.
3) It is a differentiating factor that can become an advantage in the competitive market.
4) It safeguards the brand’s reputation.
5) There is a decrease in possible financial loss as well as loss of image due to security risks.
Idiso’s Information Systems manager, Aurelio Palmer, explains the vital importance of a technological company in the tourist sector having this standard. “Another year more, and this is now the fifth, Idiso has passed the yearly audit and obtained the PCI-DSS certificate, thanks to the involvement and cooperation of all the departments. All these specific, essential tests have no value if the people that deal with the card data are not careful and fully involved in complying with the regulation. Security depends on everyone.
“Therefore it is important to unify all the teams involved (Call Centre, Back office, technical teams, etc.) so that their day-to-day work and commitment become proof of excellence,” he claims.
He adds: “With over 2,000,000,000 transactions in just the last 12 months, and an average of 0.16 seconds for availability requests through Idiso’s CRS, coming from the booking engine, connectivity, GDSs, the Contact Centre, etc., what is clear is that security is a team effort”.
Here at Idiso we consider security to be a need, and we are committed to maintaining the PCI DSS certificate each and every year.