In a recent SafetyDetectives interview, Eyal Nevo, CEO of PCI Booking, delves into the origins and evolution of the company. Born from a need to ensure PCI compliance for credit card details in the travel industry, PCI Booking emerged as a pioneering solution. Nevo explains the vital role PCI Booking plays in safeguarding payment processing and facilitating outsourced PCI compliance, particularly within the travel sector. He discusses the immense challenges businesses face in achieving and maintaining PCI compliance and how PCI Booking eases this burden. Additionally, Nevo offers expert advice on best practices for handling payment card data and staying ahead of emerging threats in the payment processing landscape. How did the idea of PCI Booking come about, and what has the journey been like? We had been…

We are pleased to inform you of updates we have introduced to our PCI Shield product. Effective now, customers have the option of preventing storing the same card details multiple times, thus creating multiple tokens for, effectively, the same data. If enabled, PCI Booking will identify cards that have been previously tokenized and assign them with their original token. Currently, PCI Booking creates a new token each time a card is processed, regardless of whether it has already stored in the system. By using the card lookup feature, you can save money on both the tokenization request and storage fees, in addition to reducing the headache of managing multiple tokens that are the same card. Preventing duplicates in this manner is optional, and you have…

Due to security vulnerabilities, and following the PCI Council’s requirement to cease support of older security protocols, PCI Booking will discontinue support of both TLS 1.0 (an older security protocol use on SSL secure web pages) and older versions of SSL onJune 1, 2018. Prior to this date, we strongly recommend that customers test their environment within our pilot environment, where support for TLS 1.0 has been already disabled.  This will allow you to send requests to the pilot environment and confirm there will be no issues in your production system once support for TLS 1.0 is removed on June 1st. A description of the behavior change in the system, once support of TLS 1.0 has been removed, and our full recommendations on how to prepare and…

As part of our efforts to constantly improve the PCI Booking offer, we have been busy developing a range of improvements for the Gateway feature that both strengthen performance and reduce the required level of customer interaction with the Gateway. The main change is, instead of providing direct IP addresses of the server(s) hosting the customer’s Gateway endpoints, we will now provide one CNAME record to be set by the customer into their DNS records. Setting up the Gateway in this configuration will support and allow the following: 1. The customer will only need to set one DNS record per endpoint to direct the endpoint URL to the CNAME URL. 2. The CNAME URL will direct traffic to a load balancer and high availability system within PCI…

To enable merchants to remain fully PCI DSS compliant while accepting payment details from customers over telephone calls, PCI Booking has launched its latest feature: Card Over The Phone. Card Over The Phone allows merchants to accept payment card data via telephone by providing the customer with a card capture page through a shared link delivered via SMS or email and completed in order to confirm the booking being requested. This eliminates the current requirement, and the PCI compliance issues that arise from such, of payment details being verbally communicated with employees. Compliance issues, many of which that are unique to telephone payment, include employee screening procedures, the recording and storage of customer calls, plus the protection of details taken from both recorded and non-recorded…

Successfully remaining PCI compliant requires attention across all methods of accepting payment card data, including telephone. To facilitate telephone bookings, PCI Booking has developed Card Over The Phone. Card Over The Phone enables merchants to remain fully PCI DSS compliant while accepting payment details from customers over telephone calls. This is achieved by removing the requirement for customers to verbally communicate their card details. Instead, a card capture page is accessed through a shared link delivered via SMS or email, which is then completed by the customer themselves. Implementation of Card Over The Phone, in place of the current system of verbal communication, allows merchants to remain PCI compliant without worrying about the PCI compliance issues - some of which that are unique to telephone payment.…

As part of PCI Booking’s efforts to improve user experience, we are delighted to announce Universal Tokenization, a solution designed to aid customers working with multiple third party partners (such as Booking.com, Expedia and many others). Universal Tokenization eliminates the previous need for customers to manually develop a separate integration for each partner, a timely and complicated task. Customers using this solution are now required configure only one integration. All third-party requests will be directed through PCI Booking, where such requests are automatically translated into the required format of the selected partner. Learn more about Universal Tokenization on our dedicated product page. Also, see our technical documentation for more information and to retrieve a complete list of all supported third-parties.