Lufthansa Systems has successfully passed the credit card industry's annual PCI DSS certification audit. The major payment organizations established the Payment Card Industry Data Security Standard (PCI DSS) to counteract the growing abuse of credit card data. Alongside systems such as the PCI Compliance Engine, which were re-certified, a number of new system environments at Lufthansa Systems also passed the comprehensive audit.
The standard defines almost 400 detailed sets of requirements and security rules for the processing of credit card data. During the audit process, external Qualified Security Assessors inspect more than thirty areas of infrastructure and applications to verify compliance with the security standards.
Lufthansa Systems offers cost-effective PCI software solutions as part of its infrastructure package for data security. The PCI Compliance Engine, for example, replaces original card data by "artificial IDs." This enables companies to make applications PCI DSS-compliant without needing to make extensive process changes.
To meet the complex requirements of the PCI standard, Lufthansa Systems ensures to constantly meet the latest security requirements. By applying specialized security features such as Security Event Management, the PCI architecture at the IT service provider and its customers is monitored continuously for security holes. This identifies unauthorized attempts to access credit card data and, if required, initiates escalation processes via the Computer Emergency Response Team (CERT).
"The seals of approval from the credit card industry show our customers that their credit card data is in safe hands with us," says Bardo Werum, Senior Vice President Infrastructure at Lufthansa Systems. "This year's certification audit not only confirms that existing systems such as the PCI Compliance Engine meet the highest security requirements but also shows that we are very well positioned with our Cloud system - as this is now also PCI-certified."