PCI DSS Solutions




Protect your card holder data!

A lot of online agencies, tour operators or consolidators, car and hotel suppliers store sensitive payment details in their environment without securing the data in a safe environment and without being PCI DSS certified.
They usually do not have the knowledge nor the Resource (IT or financial) to tackle such a certification.
Ypsilon provides PCI DSS Token proxy solution in order to allow travel companies to operate in compliance with the PCI DSS standards.
The Ypsilon „Norris“ secure storage provides a set of network proxies that filter network messages and remove or add sensitive payment information to these messages and replaces them with neutralized tokens. (Tokens are randomly created unique identifiers composed of numbers and letters and are not mathematically reversible. Tokens are totally useless for hackers.)
It is able to handle all sorts of network protocols such as http/https or travel industry specific protocols such as the proprietary Start/Toma protocol, as well as a wide range of payload types such as REST, XML, SOAP or a simple HTTP POST request. These components are used to ensure that the infrastructure in question (the Target Company), does not store any sensitive data, simplifying or completely avoiding a PCI-DSS certification.

The customers (OTA, Agencies or Airlines, car or hotel suppliers) no longer retains CC data on their servers but only tokens. Payment to their PSP is done by replacing the enriched token with a PAN (primary account number) and passing the enriched Payment data to the payment channel (PSP or acquirer). PANS can be accessed via a secured web service for a predefined interval before being deleted.

Advantages for the travel industry

  • Travel industry specific PCI DSS solutions.(OTAs, Agencies,Insurance,Hotel & car suppliers,Tour Operators etc.)
  • Avoid full blown PCI DSS certification
  • Payment Data safety
  • Reduce financial impact for certification and ongoing audits, forensic investigation costs and annual certification
  • Avoid cost of bringing infrastructure and systems into compliance
  • Avoid fines and penalties and eventual loss of Merchant license
  • Avoid litigation and compensation law suits
  • Reduce staff needed to document PCI DSS relevant operations
  • Minimize security risk
  • Avoid brand/reputation damages
  • Marketing argument/guarantee safety of payment details
  • Customized implementation based on several components such as Data source, Target list, protocols, Hosts, payload description etc

In contrast to “standard” tokenization solutions typically offered by payment service providers via a web service, the Ypsilon “Norris” solution is very transparent and could make any system PCI-DSS compliant with minimal changes to the original existing system. The system is complemented by a web service in order to offer support functions such as retrieving bin range information for a credit card,obfuscated version of a card, refreshing a token or creating a token from a given clear text credit card number for migration purposes.


Download the product datasheet as PDF

Kontaktieren Sie uns


Ypsilon.Net AG
Vilbeler Landstr. 203
60388 Frankfurt/a.M.


Telefon: +49 6109 505 0
Fax: +49 6109 505 25

Wir stehen Ihnen von Montag bis Freitag zwischen 9 und 18 Uhr gerne zur Verfügung.


Blumconnect Communication Experts
Herr Michael Blum


Telefon: +49 611 890 767 78
Mobil: +49 176 312 796 06


QR Code

QR-Code V-Card Ypsilon.Net AG | Germany | Headquarter

Scannen Sie diesen QR-Code, um unsere Kontaktinformationen zu speichern