Invia SSC Germany GmbH Successfully Certified acording to PCI DSS

17. August 2020

Invia PCI DSS Core-Team: „IT Infrastructure“ & Software Development “Invia Payment”


The Invia Group is a pan-European market leader in online travel distribution with 1300 employees in 16 offices across 7 countries. In 2019 more than 3 million customers travelled with Invia. The total transaction value was 1.5 billion EUR. The Invia Group operates major travel portals in Germany such as and

The internal payment service provider Invia SSC Germany GmbH was successfully re-certified according to PCI DSS for the fourth time through an on-site audit performed by usd AG in close cooperation with the Invia PCI DSS Core Team. 

Security as a Customer-Oriented Service 

For Invia, certification according to PCI DSS goes beyond mere duty. As a customer-oriented service provider, Invia sees compliance with the strict security requirements for handling credit card data primarily as an important service for its customers.

Matthias Zobel, Information Security Officer at Invia:

“We are glad that we have a security partner at the highest level in usd AG. Year after year, this enables us to implement complex PCI DSS requirements in a pragmatic manner and at the same time to continuously increase our security level. For years, our customers have benefited from the world’s highest security standard for credit card data on all our platforms.” 

Security that Exceeds Compliance 

Even beyond its own certification project, Invia makes efforts to maintain the credit card security of its customers at the highest possible level. At the end of 2018, for example, Invia developed various approaches for compliance solutions for call center agents. Even during the development phase, Invia was in close contact with the PCI experts at usd AG, so that the compliance solutions could be quickly concretized and successfully audited. 

Alexander Bienzeisler,Head of IT Infrastructure & Cloud Solutions at Invia:

“The continuous cooperation with usd AG allows us, as a service provider, to always offer the performance that our customers expect from us. The valuable exchange even beyond the audit ensures that our environments meet the highest compliance requirements within the framework of the PCI-DSS regulations at all times.”

Vinzent Broer of usd AG, who conducted the project as lead assessor: 

“Due to Invia’s infrastructure, which is mainly based on open source technologies, the certification project is always a special experience even for us. Despite the aggravating circumstances caused by Covid-19, which meant that a large part of the appointments had to be held remotely, the joint project work went smoothly again this year. We would like to thank the Invia PCI DSS Core Team for the great cooperation and look forward to next year.” 

Also interesting:

usd PCI Best Practice Workshop 2021

usd PCI Best Practice Workshop 2021

For many years, the usd PCI Best Practice Workshop has brought together responsible PCI personnel from companies of all sizes and from all industries to discuss current topics from the world of payment card industry together with PCI experts from usd. The interactive...

3 Reasons for a Cloud Security Audit

3 Reasons for a Cloud Security Audit

Outsourcing applications and data to the cloud brings significant benefits for companies, but at the same time also new challenges for the corresponding IT departments. The technologies and processes of a cloud environment differ from those of local data centers....

usd HeroLab Top 5 Vulnerabilities 2020: SMB 1.0 & SMB Signing

usd HeroLab Top 5 Vulnerabilities 2020: SMB 1.0 & SMB Signing

During penetration tests our security analysts repeatedly uncover gateways in IT systems and applications that pose significant risks to corporate security. They increasingly identify the same vulnerabilities in different IT assets, some of which have been known for...