Tokenization of credit cards

By offering its credit cards tokenization service to all tourism stakeholders, CentralPay provides decisive support in their compliance efforts with regard to the security of sensitive data and GDPR compliance.

While there are still enthusiasts for a hand search for the hotel of their dreams, many consumers opt for a broader view of the hotel offer, relying on the services of central reservations.

To orchestrate everything, these platforms rely on distribution software solutions, the main purpose is to manage all hotel schedules and to connect the parts, that is to say, the consumer and the tourism professional. The keystone of the system, the customer’s bank details guarantee the establishment of a relationship of trust.

In other words, by receiving sensitive data aimed at connecting parties, distribution platforms place themselves under the aegis of banking compliance. Called upon to do everything possible to protect the confidential banking information they receive, they must design an IT architecture that complies with the PCI-DSS standard.

A PCI-DSS information system is imposed on any actor who captures, transports, stores (or processes) credit card data. Its implementation is a complex, long and often expensive process, and affects almost all areas, from procedures, equipment and technologies to business processes. In short, a matter of specialists.

The ideal is therefore not to have to capture or keep bank data. The solution lies in the tokenization of sensitive data, which replaces it with a unique tamper-proof token.

Since the latest PCI-DSS 3.2 standard, CentralPay has offered access to its secure infrastructure through its tokenization service. By having only the token, a random sequence of figures, distribution centers de facto secure the reservation circuit and provide their customers and partners with the guarantee of a reliable process, in compliance with the standards set by the ticket industry. payment cards.

CentralPay thus offers bricks of services adaptable to the degree of outsourcing of the PCI-DSS perimeter. They allow support for a number of the standard’s bridges ranging from aspects such as infrastructure management, encryption, log management, to customer application hosting.