Airmiles sharpens security en route to PCI compliance

Travel loyalty scheme Airmiles is on course to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS) in March following a 14-month project.

Travel loyalty scheme Airmiles is on course to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS) in March following a 14-month project.

The company, which has a turnover of £124m, has eight million loyalty scheme members and processes 400,000 credit card transactions a year.

Airmiles infrastructure manager Gavin Woolnough said the £400,000 PCI DSS project was the company's biggest single IT project in its 19-year history. Although it was necessary to avoid fines from credit card companies, the project was also an opportunity to upgrade security.

"It is a good exercise because it allows us to better secure our systems as a lot of the elements of compliance are about securing the network and data," he said.

Simon Langley, head of PCI DSS at professional services firm KPMG, said the retail sector was catching up with financial services in security.

"In the financial sector, companies have done a lot because of regulations, but retailers have not generally taken security seriously unless something happens. But now they are being compelled to address security issues they did not know they had, they have woken up to the fact that security should have been improved years ago," he said.

Airmiles had to add components to its existing infrastructure, including new firewalls and an upgrade to its credit card processing platform, supplied by Logic Group.

"We had to redesign the local area network and core systems that process credit card payments. They used to sit on the Lan but they are now separated on a secure network layer," said Woolnough.

In the latest stage of the project the company implemented an encryption device from Ingrian Networks to secure data on the network. Credit card data resting on internal systems is encrypted so that it can only be viewed by those permitted to do so.




Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close