Our solution is based on Tokenisation. Our secure storage solution provides a set of network proxies that filter network messages and remove or add sensitive payment information to these messages and replaces them with neutralized tokens. It handles all sorts of network protocols such as http/ https, REST, XML, SOAP or a simple HTTP POST request or even the proprietary Start/Toma protocol.
The Target Company (OTA, Agencies or Airlines) does not store any sensitive data, only tokens, simplifying or completely avoiding a PCI-DSS certification. Payment to their PSP is done by replacing the enriched token with a PAN and passing the enriched Payment data to the payment channel (PSP or acquirer). PANS can be accessed via a secured web service for a predefined interval before being deleted.
The advantages are: Avoid full blown PCI DSS certification, reduce financial impact for certification, ongoing audits, forensic investigation costs and annual certification. Minimize costs of bringing infrastructure and systems into compliance. Prevent fines and penalties.