Hot Topics
Increased security for card payments: Lufthansa Systems launches new PCI Compliance Engine
How secure is the storage of my customers' credit and bank card details? Every company that processes, stores or transfers debit and credit card information has had to deal with this question since 2004, the year in which the world’s leading credit card providers formulated the international data security standard known as the Payment Card Industry Data Security Standard (PCI DSS).
The standard was designed to protect card users, issuers and merchants from ever-increasing fraud. All businesses that handle debit and credit card data are required to comply with the PCI standard. If they fail to do so, they risk hefty fines. In addition, they may be barred from accepting card payments, which is likely to harm both their sales figures and their reputation. The PCI regulations include approximately 380 detailed requirements that companies using card data must meet and implement. Since these requirements apply to all payment, data transfer and data storage processes, making a company PCI compliant requires considerable investments of time, effort and money.
With so many airline services paid for using cashless methods nowadays, the PCI DSS regulations are also an important and topical issue for this particular industry. Whether a card is used to book a flight, at the self-service check-in or for mileage credit in a customer loyalty program, its security must be safeguarded at all times.
In order to meet the new security requirements, Lufthansa Systems has developed a product that ensures PCI DSS conformity with a minimum investment: the PCI Compliance Engine. Instead of applying all 380 security requirements to the systems and processes involved in payment transactions, the PCI Compliance Engine takes an entirely new and quite innovative approach. The basic idea is that card data that is not stored does not need to be protected. The new technology eliminates the card number and replaces it with an "artificial ID". The tool is the only data unit to centrally isolate and store the credit card numbers. As it is the only key management system, it is also the only area in the company that has to be certified.
As soon as a new business transaction involving a credit card enters the company's system, the card number is replaced with an artificial ID. All further internal processing is carried out using the artificial ID. If necessary, the original card numbers can be supplied temporarily to allow for certain applications to be processed. This facility is available only for very specific cases and uses a method that complies with PCI regulations. The artificial ID is finally replaced by the credit card number just before the transaction data leaves the company.
The artificial ID is not the credit card number or an encrypted version thereof. This process significantly reduces the enormous cost of complying with the PCI standard. The PCI Compliance Engine saves time and money and also helps safeguard the customers' card details. It is suitable for all airlines with IT applications that process credit card information. Lufthansa Systems’ new product has been tried and tested as a prototype. The first customer contracts are being negotiated. It is fair to say that for everyone offering services or making payments, the world of credit cards has just got a lot more secure.
Keeping a close eye on finances: Lufthansa Systems develops new SiraxView analysis tool
As rising fuel costs place increasing economic pressure on the aviation industry, it has become more and more important for airlines to make decisions quickly on the basis of solid financial data and analyses. The SiraxView module, which was recently developed by Lufthansa Systems for its Sirax AirFinance Platform, offers airlines all the functionalities of a traditional management information system.
SiraxView gives airlines a prompt, precise overview of their revenues and cash flow and analyzes their current financial situation, right down to the revenue of individual routes. To do this, the solution must take different sales channels and price models into account, along with the code-share agreements, alliance flights, taxes and fees which directly affect airline revenues. Its integration into the Sirax AirFinance Platform enables SiraxView to automatically access all billing and accounting data, including BSP (Billing Settlement Plan) and ARC (Airline Reporting Corporation) information and data from online sales. SiraxView quickly and reliably collates and analyzes this data with the help of powerful analysis tools so that airlines can easily see the difference between tickets sold and actual passenger numbers, for example. SiraxView also enables detailed evaluations of all existing sales units and code-share agreements with other airlines.
By continually monitoring these financial figures, SiraxView can reliably forecast route capacity utilization and ticket sales and can compare current figures with those from the previous month. This information can then be used to adjust departure times, change the route network or introduce marketing measures to help airlines increase their revenues and lower their costs. The results of these analyses are stored in a modern database which users can access directly from their workstations. The data can also be uploaded to the customer’s intranet or published on the Web.
SiraxView is an integral part of the Sirax AirFinance Platform, the first integrated platform to support and optimize the entire financial process of an airline from Revenue Accounting to Cost Controlling. The SAS Group, including SAS Scandinavian Airlines, airBaltic, Spanair, Blue1 and Widerøe, is the latest customer to opt for the Sirax AirFinance Platform to optimize their financial management processes.
back