First payment solution to support secure payments on common-use platforms now available
BRUSSELS – 2017 Air Transport IT Summit – 25 May 2017: SITA has launched the first payment solution which addresses the need for airlines to be able to accept payments securely at airports when using a shared IT infrastructure. SITA AirportConnect Common Use Payment Service enables payment transactions by multiple airlines on a single payment terminal. Importantly, this is possible with any, and all, of the departure control systems the airlines choose to use.
Airlines use common-use or shared IT infrastructure at airports around the world and this ground-breaking solution has been developed by SITA to support airlines that wish to accept payments at common-use check-in desks, kiosks and bagdrop areas for baggage fees, upgrades and other ancillary charges. SITA's new solution uniquely combines point-to-point encryption (P2PE) technology, with Europay, Mastercard, Visa (EMV) and Payment Card Industry (PCI) compliant chip card payment terminals, applications and processes, to allow multiple merchants to use the same terminal while meeting PCI security standards.
SITA has implemented this service with a major European airline at a common-use airport where rigorous testing proved the effectiveness of the encryption technology for chip, magnetic stripe and contactless card payment transactions.
SITA's common-use payment service meets the unique operational challenges of airlines. It allows airlines to share the same point of sale (PoS) and PIN entry devices (PEDs) at the airport, while continuing to use their preferred payment service providers and banks. This maximizes the benefits of the airline's existing commercial relationships. Importantly, the service is also designed to minimize fraud risks by implementing encryption with EMV card readers and provides support for a secure payment solution aligned with credit card brand approvals.
Barbara Dalibard, CEO, SITA, said: “This new service, integrated with our SITA AirportConnect platform, allows airlines, airports and other air transport industry stakeholders to accept credit card payments in a common-use environment in line with Payment Card Industry standards. Our service features point-to-point encryption to provide a powerful, flexible solution for all stakeholders to ensure the protection of customer data.”
P2PE in SITA AirportConnect Common Use Payment Service delivers significant benefits including making account data unreadable by unauthorized parties. It “de-values” account data because it cannot be abused – even if stolen. In addition, P2PE can simplify compliance with PCI DSS (Data Security Standard) requirements for airlines and airports by reducing the number of addressable requirements during a PCI security assessment.
SITA AirportConnect Common Use Payment Service further enhances the community values that are central to common-use across the industry. It is the culmination of work with the International Air Transport Association (IATA) Common Use Working Group in collaboration with various payment industry leaders, including Verifone, Thales and Smart Technology Solutions.
Peter Galvin, Vice President Strategy at Thales e-Security said: “Thales's extensive expertise and leadership in the payment security market, enriched by our long-standing partnerships with leading payments processing vendors, allows us to help innovators such as SITA deliver the high levels of performance and security required for payment processing.”
The payment terminals available as part of SITA's service are capable of supporting PCI compliance requirements for an airline's passenger credit card data handled through SITA's CUTE/CUPPS/CUSS system. PCI compliance certification, however, still requires an end-to-end security review by each airline of its own full payment process.
Initially available for SITA AirportConnect workstations, the service will be rolled out to support SITA's common-use kiosks and bagdrop stations over the coming months.