Download PDF
Major Airline Makes a Commitment to PCI Compliance and its Customers
Technology Category
- Cybersecurity & Privacy - Application Security
- Cybersecurity & Privacy - Database Security
- Cybersecurity & Privacy - Identity & Authentication Management
Applicable Industries
- Transportation
Applicable Functions
- Business Operation
Use Cases
- Regulatory Compliance Monitoring
- Remote Asset Management
- Remote Control
Services
- Cybersecurity Services
- System Integration
The Challenge
The airline has a robust e-commerce application, allowing travelers to search and book flights directly from the corporate website. This airline website was ranked the fifth largest travel site and the largest airline site in terms of unique visitors (source: Comscore MediaMetrix). As a result of its online growth, the airline was acutely aware of the need to maintain compliance with the credit card data protection standards mandated by the Payment Card Industry (PCI) Security Standards Council in its efforts to ensure credit card security. The PCI Data Security Standard (DSS) industry protocol is a common set of tools and measurements that are applicable across industries to help ensure the safe handling of sensitive credit card data and the protection of cardholder information. PCI Compliance in travel and tourism is often differentiated from other industries because of the lag time between when a flight is booked and when the credit card is processed for that booking. In this scenario, the credit card information is usually stored until the travel has actually taken place, or shortly before. This practice is not allowed in a PCI compliant environment, leaving travel companies at risk for fines and under intense pressure for ensuring their databases are protected from being wrongly accessed or altered - unintentionally or otherwise. As a result of these requirements and increased exposure due to its popular e-commerce business, the airline needed a new approach to document the steps it was taking to achieve PCI compliance with auditors. In this case, that meant proving that passwords to its database of sensitive customer data (including names, credit card numbers, billing addresses and other information) were being effectively monitored, managed and changed regularly.
About The Customer
This Major U.S. carrier has built a successful brand based on its commitment to maintaining a loyal customer base and creating a positive travel experience. With a growing e-commerce business and a reputation based on trust, reliability and customer service excellence, the airline faced critical PCI compliance requirements necessary to protect the privacy of its customers and business. The airline has a robust e-commerce application, allowing travelers to search and book flights directly from the corporate website. This airline website was ranked the fifth largest travel site and the largest airline site in terms of unique visitors (source: Comscore MediaMetrix). The airline's commitment to customer satisfaction and security is evident in its proactive approach to meeting PCI compliance standards, ensuring the protection of sensitive customer data and maintaining the trust of its clientele.
The Solution
For any business that processes online transactions using credit cards, PCI compliance is a significant business concern. What made it especially challenging in this case was that the airline had existing systems in place to book flights, but these systems were primarily built to accommodate bookings made through travel agents and call centers. The website was initially built as an information and branding tool, but with its evolution that featured a revenue generation application that had to access those established back-end systems, PCI compliance quickly became more complex. The IT team was faced with several security challenges including how best to manage nonexpiring database passwords associated with the airline’s back-end systems. The airline looked at several alternatives and chose the CyberArk Privileged Account Security Solution because it could handle all aspects of its emerging security and compliance requirements. The airline selected CyberArk’s Enterprise Password Vault to manage its on-line booking system’s underlying operation system, and CyberArk’s Application Identity Manager™ solution to manage and change passwords to the back-end database that stores customers’ credit card information. Of particular importance was the ability of CyberArk’s Application Identity Manager to manage risks posed by passwords hard coded within applications. Privileged application identities, those application IDs (such as AppID1) used by other applications, scripts, Windows services, batch jobs and more, represent serious threats because they are largely generic, unchanged, and if an organization is not careful, changing one password could negatively impact numerous, interdependent systems with relatively little effort.
Operational Impact
Quantitative Benefit
Related Case Studies.
Case Study
Airport SCADA Systems Improve Service Levels
Modern airports are one of the busiest environments on Earth and rely on process automation equipment to ensure service operators achieve their KPIs. Increasingly airport SCADA systems are being used to control all aspects of the operation and associated facilities. This is because unplanned system downtime can cost dearly, both in terms of reduced revenues and the associated loss of customer satisfaction due to inevitable travel inconvenience and disruption.
Case Study
IoT-based Fleet Intelligence Innovation
Speed to market is precious for DRVR, a rapidly growing start-up company. With a business model dependent on reliable mobile data, managers were spending their lives trying to negotiate data roaming deals with mobile network operators in different countries. And, even then, service quality was a constant concern.
Case Study
Digitize Railway with Deutsche Bahn
To reduce maintenance costs and delay-causing failures for Deutsche Bahn. They need manual measurements by a position measurement system based on custom-made MEMS sensor clusters, which allow autonomous and continuous monitoring with wireless data transmission and long battery. They were looking for data pre-processing solution in the sensor and machine learning algorithms in the cloud so as to detect critical wear.
Case Study
Cold Chain Transportation and Refrigerated Fleet Management System
1) Create a digital connected transportation solution to retrofit cold chain trailers with real-time tracking and controls. 2) Prevent multi-million dollar losses due to theft or spoilage. 3) Deliver a digital chain-of-custody solution for door to door load monitoring and security. 4) Provide a trusted multi-fleet solution in a single application with granular data and access controls.
Case Study
Vehicle Fleet Analytics
Organizations frequently implement a maintenance strategy for their fleets of vehicles using a combination of time and usage based maintenance schedules. While effective as a whole, time and usage based schedules do not take into account driving patterns, environmental factors, and sensors currently deployed within the vehicle measuring crank voltage, ignition voltage, and acceleration, all of which have a significant influence on the overall health of the vehicle.In a typical fleet, a large percentage of road calls are related to electrical failure, with battery failure being a common cause. Battery failures result in unmet service agreement levels and costly re-adjustment of scheduled to provide replacement vehicles. To reduce the impact of unplanned maintenance, the transportation logistics company was interested in a trial of C3 Vehicle Fleet Analytics.
Case Study
3M Gains Real-Time Insight with Cloud Solution
The company has a long track record of innovative technology solutions. For example, 3M helps its customers optimize parking operations by automating fee collection and other processes. To improve support for this rapidly expanding segment, 3M needed to automate its own data collection and reporting. The company had recently purchased the assets of parking, tolling, and automatic license plate reader businesses, and required better insight into these acquisitions. Chad Reed, Global Business Manager for 3M Parking Systems, says, “With thousands of installations across the world, we couldn’t keep track of our software and hardware deployments, which made it difficult to understand our market penetration.” 3M wanted a tracking application that sales staff could use to get real-time information about the type and location of 3M products in parking lots and garages. So that it could be used on-site with potential customers, the solution would have to provide access to data anytime, anywhere, and from an array of mobile devices. Jason Fox, Mobile Application Architect at 3M, upped the ante by volunteering to deliver the new app in one weekend. For Fox and his team, these requirements meant turning to the cloud instead of an on-premises datacenter. “My first thought was to go directly to the cloud because we needed to provide access not only to our salespeople, but to resellers who didn’t have access to our internal network,” says Fox. “The cloud just seemed like a logical choice.”
