PCI DSS Compliance for Travelport Galileo & Smartpoint Users

 

To support you on your journey towards the Payment Card Industry Data Security Standards (PCI DSS) compliance, Travelport customers must download the latest versions of Galileo SSL and Travelport Smartpoint, before IATA’s proposed deadline of 01 March 2018.

The latest versions are Galileo SSL3.0.0.71 and Travelport Smartpoint 7.5. There is no auto- upgrade, so you must download these as a bundle.

Please note, from 01 March 2018, version 7.5 of Travelport Smartpoint and beyond, will be the only versions supported by Travelport. Therefore, regardless of whether you are a Travelport Smartpoint user or a Galileo Desktop user, you must install this bundle before this deadline to continue your connection to Travelport.

 

To check if your versions of Smartpoint and Galileo SSL tunnel are PCI ready, click here

 

To access the bundle, click here: PCI Compliant Bundle (Travelport Smartpoint and Galileo SSL

 

For our Step by Step Download Guide, click here: Bundle Support Guide

 

 

PCI Compliance for CrossCheck Travel Enterprise (CCTE) Users

 

Travelport is still undergoing final validation to ensure that our next CCTE release is “PCI enhanced” and contains features to help you with credit card data management (encryption), password management (more secure) and audit logs.

In the interim,  our PCI accessor has determined that CCTE can be removed from PCI DSS compliance obligations if no processing, storage or transmission of cardholder data is performed by or through CCTE.

Travelport has developed a script to replace historical credit card data with ‘****’ within your CCTE database.  Please note, this action is permanent and you will not be able to unmask the data. Following this, overnight, a scheduled script will replace “Form of Payment” data downloaded from a PNR to the Trip File. 

 

If you wish to run this script, please ensure that it is downloaded and run on the machine where your CCTE database is stored. This is usually the agency server.

 

The overview and implementation guide should be read prior to running the script as it contains further instructions which MUST be followed in order for the script to run successfully. It will also provide an explanation on the impact to the stored credit card data held within your CCTE database.

Click here to run the script: Credit Card Removal Script

 

Supporting Documents

Click here for a copy of the overview and implementation guide to the Credit Card Removal Script

 

Click here to read Forgenix’s assessment of the Credit Card Removal Script

 

For a copy of the email distributed to agency customers referring to the Credit Card Removal script, please click here