Protection of credit card data at the highest level

MIDOCO is PCI/DSS (Level 1) certified

Chapter I

MIDOCO is PCI/DSS (Level 1) certified

PCI/DSS stands for Payment Card Industry Data Security Standard. The security of your customers' data has the highest priority at MIDOCO. MIDOCO regularly undergoes PCI/DSS (Level 1) certification to ensure this security, especially with regard to your customers' credit card data. The Payment Card Industry Security Standards Council (PCI SSC) designed four certification levels. The number of transactions processed or an individual assessment by a credit card organization defines the certification level. MIDOCO processes over six million transactions and falls within the scope of the PCI/DSS (Level 1) standard. With the PCI/DSS (Level 1) standard, MIDOCO implemented the highest possible level of protection for your customers' credit card data in MIDOCO mid-office.

Chapter II

What does the PCI/DSS (Level 1) certification include?

MIDOCO processes credit card data. The PCI/DSS standard is mandatory for companies that store, process or transmit credit card data. As part of the certification process, MIDOCO regularly undergoes an independent audit that examines various areas of the company's business activities. The auditors conduct interviews with responsible personnel, review documentation, examine partner relationships and check hardware, software, databases, network architecture and the implementation of recurring security processes. Also, MIDOCO is subject to regular penetration tests. These tests detect weak points in good time and prevent attacks. The result of the investigation is a ROC (Report On Compliance) that records the status of MIDOCO regarding the PCI/DSS requirements catalogue. The auditors create and compile notes, documents, screenshots, test documentation and references during the audit. The PCI/DSS (Level 1) certification includes quarterly vulnerability scans and an annual on-site audit.

The independent audit covers the following areas:

  • The overall context of the business with regard to storage, processing and transmission
  • Operation of a secure network
  • Protection of storage, processing and transmission of credit card data
  • Security measures against viruses and malware
  • Access regulation
  • Monitoring and testing of software and IT infrastructure
  • Formulation and communication of a guideline for information security in the company

Chapter III

Background of the PCI/DSS certification

In the past, many cases of credit card fraud have severely damaged the reputation of this payment method and led to high costs. The PCI SSC was launched in 2006 by the credit card companies Visa, Mastercard, American Express, Discover Financial Services and JCB International with the task of further developing the security standards for handling credit card data. Finally, the PCI/DSS standard emerged from the security regulations of Visa and Mastercard and is binding for all credit card providers.

Chapter IV

Why does MIDOCO store credit card data?

PCI/DSS (Level 1) certification is extremely complex and cost-intensive. Therefore, it does not make sense for every company to undergo this process. By storing and processing credit card data in MIDOCO, you as a MIDOCO customer can automate all areas of payment completely and from a single source. Storing the credit card data saves you from having to obtain it again for every process that requires credit card information. Obtaining it each time is a manual effort that affects the scalability of a process as the number of transactions increases. PCI/DSS certification is a cornerstone of growth in your process landscape.

There are a large number of cases where this hurdle occurs. A business travel agency would have to request the credit card data from its customer for each calculation and payment of the transaction fees. Only the storage of the credit card data of the corporate customer in the mid-office enables a fully automated handling of the entire transaction fee process. For leisure travel agencies, credit card data storage simplifies the process of making the second instalment. This process can only be fully automated if the travel agency can store credit card information. Otherwise, it is necessary to contact the customer in order to receive the credit card data for the remaining payment.



Magnus Kunhardt

Group Marketing Director

Steffen Faradi

CEO & Founder

Helmut Pilz

SVP Business Development
