Protect your card holder data!
A lot of online agencies, tour operators or consolidators, car and hotel suppliers store sensitive payment details in their environment without securing the data in a safe environment and without being PCI DSS certified.
They usually do not have the knowledge nor the Resource (IT or financial) to tackle such a certification.
Ypsilon provides PCI DSS Token proxy solution in order to allow travel companies to operate in compliance with the PCI DSS standards.
The Ypsilon „Norris“ secure storage provides a set of network proxies that filter network messages and remove or add sensitive payment information to these messages and replaces them with neutralized tokens. (Tokens are randomly created unique identifiers composed of numbers and letters and are not mathematically reversible. Tokens are totally useless for hackers.)
It is able to handle all sorts of network protocols such as http/https or travel industry specific protocols such as the proprietary Start/Toma protocol, as well as a wide range of payload types such as REST, XML, SOAP or a simple HTTP POST request. These components are used to ensure that the infrastructure in question (the Target Company), does not store any sensitive data, simplifying or completely avoiding a PCI-DSS certification.
The solution is complemented by a web service in order to offer support functions such as retrieving bin range information for credit cards, obfuscated version of a cards, refreshing a token or creating a token from a given clear text credit card number for migration purposes.
The customers (OTA, Agencies or Airlines, car or hotel suppliers) no longer retains CC data on their servers but only tokens. Payment to their PSP is done by replacing the enriched token with a PAN (primary account number) and passing the enriched Payment data to the payment channel (PSP or acquirer). PANS can be accessed via a secured web service for a predefined interval before being deleted.
Advantages for the travel industry
In contrast to “standard” tokenization solutions typically offered by payment service providers via a web service, the Ypsilon “Norris” solution is very transparent and could make any system PCI-DSS compliant with minimal changes to the original existing system. The system is complemented by a web service in order to offer support functions such as retrieving bin range information for a credit card,obfuscated version of a card, refreshing a token or creating a token from a given clear text credit card number for migration purposes.
Download the product datasheet as PDF
Kontaktieren Sie uns
Wir stehen Ihnen von Montag bis Freitag zwischen 9 und 18 Uhr gerne zur Verfügung.
Scannen Sie diesen QR-Code, um unsere Kontaktinformationen zu speichern