In 2023, be bolder obtained the prestigious PCI DSS Certification, granted by the Payment Card Industry Security Standards Council to companies that have met the twelve requirements established in this global security standard. Our clients can therefore be sure that we apply the best security and data protection practices to process, store and transmit cardholder information in all our products, services, and solutions.
Why should a development company be PCI DSS certified?
According to a Privacy Rights report, between January 2005 and July 2018 alone, more than 10.9 billion records containing confidential information were breached. Companies developing applications related to payment card transactions must therefore use the security technologies and procedures recommended by the PCI Security Standards Council to prevent cardholder data theft.
Who is the Payment Card Industry Security Standards Council?
The Payment Card Industry Security Standards Council (PCI SSC) brings together the most prestigious credit and debit card companies in the world, including American Express, Discover Financial Services, JCB, MasterCard, and Visa Inc. It developed the PCI security standards to protect cardholder data and is responsible for managing and enforcing these standards.
What does the PCI DSS certification process consist of?
PCI Data Security Standards are technical and operational requirements established by the PCI Security Standards Council (PCI SSC). They apply to all entities that store, process, or transmit cardholder data, and are intended to ensure that software developers and the manufacturers of applications and devices used in transactions comply with the following twelve requirements, organized into six control objectives:
|Goals|PCI DSS Requirements|
|---|---|
|1. Build and maintain a secure network and systems.|1. Install and maintain a firewall configuration to protect cardholder data.|
||2. Do not use vendor-supplied defaults for system passwords and other security parameters.|
|2. Protect cardholder data.|3. Protect stored cardholder data.|
||4. Encrypt transmission of cardholder data across open, public networks.|
|3. Maintain a vulnerability management program.|5. Protect all systems against malware and regularly update anti-virus software or programs.|
||6. Develop and maintain secure systems and applications.|
|4. Implement strong access control measures.|7. Restrict access to cardholder data by business need to know.|
||8. Identify and authenticate access to system components.|
||9. Restrict physical access to cardholder data.|
|5. Regularly monitor and test networks.|10. Track and monitor all access to network resources and cardholder data.|
||11. Regularly test security systems and processes.|
|6. Maintain an information security policy.|12. Maintain a policy that addresses information security for all personnel.|
What role does the PCI DSS play in the travel and aviation sector?
The travel industry, especially airlines, is one of the sectors that carries out the most credit and debit card transactions to sell its products and services, since airlines behave like retail companies, says César Ahmedt, CSO at be bolder.
Moreover, airlines have required the International Air Transport Association (IATA) to support their BSP card sales channel project to comply with PCI DSS. For this reason, IATA-accredited travel agents are now required to comply with PCI DSS.
be bolder is a digital transformation consultancy and engineering company that delivers cutting-edge solutions for aviation and travel companies that build their strategy on technology solutions, and it is now a PCI DSS Certified company.
Contact us to learn more about our PCI DSS-certified solutions. We will be happy to help you choose the best secure technology solution for your company.