
Amadeus and usd: Achieving PCI DSS Compliance Across a Complex System Landscape

13 April 2026

When global travel technology meets strict security standards, complex projects emerge with many moving parts. Amadeus, one of the world’s leading providers of software and data solutions for the travel industry, sits at the heart of an ecosystem that connects airlines, airports, hotels, mobility providers, and countless other players. The company’s technology powers the global travel and tourism industry and enables a fast‑moving, digitally driven market.

In this environment, protecting sensitive payment data and complying with international security standards are critical. Amadeus’ broad portfolio of products and systems creates a highly complex architecture that must be implemented and operated in full compliance with PCI DSS. This is where a partner is needed who maintains a clear overview and ensures security even within long‑established structures. Amadeus relied on usd AG to implement these requirements securely and effectively: an experienced specialist who leads organizations to PCI compliance through technical expertise, clear structure, and reliable project management.

A Complex Landscape Needs Clear Direction

Amadeus’ payment infrastructure spans a wide range of products, technologies, and services that are tightly interconnected. At the same time, the future‑dated requirements of PCI DSS v4.0.1 were approaching and called for early, in‑depth preparation. The transition to the cloud also raised organizational and technical questions. The challenge resembled a mosaic: many individual pieces that only form a coherent picture when placed correctly. This made a structured approach, deep industry knowledge, and clear guidance throughout the assessment essential.

The Path Forward: Structure, Clarity, and a Joint Team

To make this complexity manageable, Amadeus and usd AG moved forward together in close alignment, with full transparency and clearly defined roles. The collaboration was shaped by open communication and an assessment approach precisely tailored to Amadeus’ organizational structure.

Our experience from numerous PCI projects in the travel industry helped us to identify Amadeus' specific requirements quickly. The company's consistent commitment to high security standards and clear prioritization of tasks and responsibilities was particularly crucial for the project.

Tobias Weber, Managing Consultant and QSA, usd AG

Key elements of the approach:

  • Tailored assessment approach aligned with business structures
  • Open dialogue on technical and organizational issues
  • Targeted preparation for future-dated requirements from PCI DSS v4.0.1
  • Consideration of cloud architecture in the context of forthcoming requirements

This close alignment ensured that the project progressed in a controlled manner while also establishing a shared understanding of priorities.

The Result: Certification Achieved. Long‑Term Resilience Strengthened.

The results are clear: Amadeus achieved PCI DSS v4.0.1 certification. This sends a strong signal that even widely distributed and complex system landscapes can be auditable if processes are clearly structured and teams work together precisely.

The certification marks the successful completion of an important transformation for us. Our goal was to reinforce a scalable, future‑ready PCI DSS framework that strengthens our products for the long term. Working with usd AG was a decisive factor in achieving this. In joint sessions, we clarified expectations, refined processes, and made the entire audit process more transparent and efficient. The openness and expertise with which usd AG supported us proved especially valuable. They helped reduce complexity, build trust, and lay the foundation for continuous compliance. Now we are taking the next step forward, with clear structures, strong collaboration, and a security posture that continues to grow.

Michael Johannes, Director of PCI DSS Program and Head of Governance Security & Compliance (Amadeus Corporate Information Security Office)

After the assessment is before the assessment: The next recertification is already planned. The focus will be on the continuous implementation of future-dated requirements and the further development of cloud environments.

About Amadeus

Amadeus makes the experience of travel better for everyone, everywhere by inspiring innovation, partnerships and responsibility to people, places and planet.

Our technology powers the travel and tourism industry. Inspiring more open ways of working. More connected ways of thinking, centered around the traveler. Our open platform connects the global travel and hospitality ecosystem. From startups to big industry players and governments too. Together, transforming how travel works. We are working to make travel a force for social and environmental good. A collective responsibility to protect and improve the people and places we visit, ensuring travel continues to make a positive contribution to our world.

We apply innovation to meet new needs, to solve real challenges. Our truly diverse global workforce, made up of 150 nationalities, is passionate about travel and technology. We are an IBEX 35 company, listed on the Spanish Stock Exchange under AMS.MC. We have also been recognized by the Dow Jones Sustainability Index for the last 13 years.

Amadeus. It’s how travel works better. Learn more about Amadeus at www.amadeus.com
