Secure Payments Framework Workgroup

From HTNG Connectivity Wiki


Workgroup Overview

The workgroup defined an industry framework for secure processing of payment card information, built on existing tokenization approaches. The framework enables most hotel systems to move outside the scope of PCI requirements, while providing secure end-to-end processing across ALL of the parties and systems that may be involved in a transaction as it flows through the distribution chain (OTA, GDS, switch, channel manager, CRS, PMS, payment gateway, etc.).

The workgroup is now re-chartered to:

  • Allow a third party (partner) to collect payment information and encrypt it with a public key, so that it can only be decrypted with the tokenization service provider's private key, prior to sending it to the hotel
  • Ensure payment card data is on a separate virtual network from other data
  • Restrict outbound traffic from networks with payment data to whitelisted addresses through a firewall
  • Create case studies
    • Build out scenarios
    • Include examples from a (possibly real) company – include “before and after” scenarios
    • Provide implementation guidance

Workgroup Charter Outline

Business Problem

The Secure Payments Framework Workgroup released a version 1.0 Framework in February 2013 and has been collecting implementer feedback over the past year. Implementation guidance requires more detail and extensions to the approach.

Outcomes

The workgroup proposes expanding features in order to address real-world issues that have been encountered during implementation. It proposes the following updates to the existing Secure Payments Framework:

  • Allow a third party (partner) to collect payment information and encrypt it with a public key, so that it can only be decrypted with the tokenization service provider's private key, prior to sending it to the hotel
  • Ensure payment card data is on a separate virtual network from other data
  • Restrict outbound traffic from networks with payment data to whitelisted addresses through a firewall
  • Create case studies
    • Build out scenarios
    • Include examples from a (possibly real) company – include “before and after” scenarios
    • Provide implementation guidance

Deliverables

  • Update Secure Payments Framework - planned for November 2014
  • Create Case Studies with Implementation Guidance - planned for June 2015

Key Contacts

Co-Chairs:

  • John Bell, Ajontech LLC
  • Larry Gorman, SkyTouch Technology

HTNG Board Advisors:

  • Kevin Quinlivan, Delaware North Companies

Acting Facilitator: Joe Gallo

Status/Meeting Schedule

This workgroup meets every other Thursday at 11:00 AM EDT. Please check the HTNG Meeting & Event Calendar for upcoming teleconferences and meeting details.

Participation

List of participants

Required

  • Hotel companies that have strong in-house security experts
  • Hotel application providers/vendors

Desired

  • Expertise from implementing vendors and merchant gateways
  • Industry bodies such as the PCI Council
  • QSA service providers, such as Verizon
  • Card associations and financial institutions

Key Documents & Other Useful Information

Deliverables

Other
