More payment card security for the tourist industry – peakwork successfully PCI DSS certified.

4. January 2016

And so peakwork AG, a leading software specialist for the tourist industry, is another player of this sector who has decided to partner usd AG in achieving certification according to the PCI DSS international security standard of the payment card industry.
At the end of August 2015, the course was set for the cooperation between peakwork and usd with the objective of achieving certification in December 2015. Janette Pitzschel and Jan Kemper, IT security consultants of usd comment: “It was important for us to prepare our peakwork colleagues for the upcoming audit as thoroughly as possible. We realized straight away that our customer’s experts had very good technical know-how, while always keeping their goal in mind. Thus, our cooperation was very efficient even during the audit’s preparatory stage.“
Ralf Usbeck, CEO of peakwork, in response to the question of why his company decided to acquire PCI DSS certification: “Highest quality, up-to-dateness and promptness of data, that’s what we promise to deliver. We’re very proud of the confidence that our customers place in our solutions. Tour operators, hotels, airlines and sales channels use peakwork’s technologies. From the inputting of travel offer data, over sales real time searches up to precise, customer tailored travel packaging – all the elements of the process need to fit together smoothly. IT security is one of the most important prerequisites for the sustainable success of our solutions. Therefore, certification according to PCI DSS, as a further proof of quality in the area of IT security, was a logical consequence for us.“
The audit period started end of October. Christopher Kristes, Manager PCI & Payment Security at usd: “The audit plan was definitely ambitious, but the audit went smoothly. The preparations and planning were perfect. A great achievement especially for a first certification. peakwork is a customer that has firmly embedded IT security in its product policy. Of course, this makes a successful audit easier to achieve.” Peter Cramer, IT Director of peakwork is also glad: “IT security precautionary measures have a high priority for us, starting during the development stage. For our sector, the continuous fulfillment of compliance requirements goes without saying. All the same, we’re proud how well both teams worked together in this certification project.“
Following successful approval of the Report on Compliance** by the PCI Security Standards Council, the PCI DSS certificate was awarded beginning of December.
* The term Qualified Security Assessor (QSA) Company refers to companies officially accredited by the PCI Security Standards Council to perform certifications according to PCI DSS.
**Report on Compliance refers to the final report of an audit according to PCI DSS.

Also interesting:

PCI DSS v4.0: INFI Worksheet Discontinued

PCI DSS v4.0: INFI Worksheet Discontinued

The Payment Card Industry Security Standards Council (PCI SSC) announced it is discontinuing the Items Noted for Improvement (INFI) Worksheet. INFI, a template for documenting items for improvement, had been introduced with PCI DSS v4.0. Effective immediately, QSAs...

The Surprising Complexity of Finding Known Vulnerabilities

The Surprising Complexity of Finding Known Vulnerabilities

IT security professionals need an efficient and reliable solution for identifying known vulnerabilities in a software product, given its name and version. Our colleagues at usd HeroLab place high demands on such a solution. They evaluated several available solutions...

Categories

Categories