TOKENIZATION ELIMINATES RISK OF DATA THEFT, REDUCES PCI COMPLIANCE COSTS
To eliminate the risk of losing customer data, cruise lines need to deploy a combination of encryption, tokenization, and cloud data vaulting to intercept incoming sensitive data at every possible entry point. This layered approach to data security ensures that no PCI or PII is accepted, stored, or transmitted by IT systems that could be hacked, infected with malware, or inadvertently exposed by personnel. By eliminating sensitive data from internal IT systems, the scope of PCI compliance is also greatly reduced, saving time and budget. Cruise lines can use TokenEx Cloud Security Platform solutions to protect the three main collection points of sensitive data: call centers, web shopping carts, and on-premise card readers.
CALL CENTER SECURITY
Even in the age of ubiquitous internet shopping, many people prefer the human touch when making complex travel plans. Call centers with experienced travel planners are still in demand for cruises, multi-city and multi-country itineraries, and adventure vacations. To provide excellent service, call center operators need to collect significant PII, and ultimately PCI, to complete each reservation. All that sensitive data is entered and stored on workstations and databases that are attractive targets for hackers.
TokenEx provides several methods of securely working with PCI and PII data in the call center. Taking PCI over the phone can be made secure by using point-to-point encryption (P2PE) PIN pads at workstations. Once account numbers are captured and encrypted, the data is sent to the TokenEx Cloud via the TokenEx API to be decrypted, tokenized, and vaulted. Tokens are sent back to the call center database for future transactions. Since only the tokens are stored in the local business systems, workstations, web servers, and databases remain out of scope of PCI compliance.
Call center operators can also use a web portal to input payment information. The TokenEx Browser Based Encryption can be incorporated into the web portal to instantly encrypt the PANs and transmit them to be tokenized, vaulted, and passed on to the payment gateway of choice for processing. This enables real-time processing of payments, while reducing the scope of PCI compliance.
The web portal can also be used to secure any PII captured during a call. PII such as email addresses, bank information, passport IDs, and even medical information, can be tokenized and vaulted to ensure only the undecipherable tokens representing PII are stored locally for future processing.
WEB SHOPPING CART CHECKOUT SECURITY
Even when customers prefer the human touch of a call center to plan their travel, additional payments can be made through a web portal and checkout page. The security objective is to provide real-time payment processing using only encrypted and tokenized data—once again keeping the web server secure and out of PCI scope. Organizations can choose to have TokenEx host the entire checkout page, which is fully customized to look and behave like the business web site design, or use the TokenEx iFrame solution to host only the final payment fields. Either way, customers entering their payment data into the web site have it securely encrypted and tokenized, so that the actual PANs never enter the travel organization’s business systems. Only undecipherable tokens are returned to the business systems for recurring billing, analytics, and safe storage.
ON-SITE CARD READER SECURITY
Traveling on cruises and tours usually requires additional expenditures shipside or on-site. Using payment cards to pay for everyday expenses requires a level of security akin to the call center P2PE card readers. On a cruise ship, for example, guests may choose to bill every expense to the credit card they placed on file when they made the reservation, or to use a different card for points and rewards. The on-site card readers need to encrypt these account numbers immediately and store them in a local database. Away from port, the charges may need to be batched for transmission to TokenEx when internet connectivity is regained.
OPEN INTEGRATION PROVIDES FLEXIBILITY IN PAYMENT SERVICES
With all these scenarios, the TokenEx Cloud Security Platform is tightly integrated into the existing business processes. TokenEx can act as a central integration point for fraud detection, chargeback prevention, and marketing analytics, passing the necessary payment data to the service providers in the format they expect, without any payment data being accepted, stored, or transmitted by the business systems.