Session 4: Data Privacy and Fraud. Moderator: Bill Houck , Director, Risk Management, UATP Panelist: Peter Warner , EVP, Retail Decisions Cherie Lauretta , Manager, United Airlines Herman Mensink, EVP, Prism Group, EMEA
Bill Houck, Director, Risk Management, UATP
Peter Warner, EVP, Retail Decisions
Cherie Lauretta, Manager, United Airlines
Herman Mensink, EVP, Prism Group, EMEA
Paul Buelens, Fraud Manager, MasterCard International, Risk & Security Services, ESAMEA
Adding controls to improve security was originally geared towards internet sales. The scope of PCI changed dramatically after a series of discussions took place within the credit card industry. PCI was changed for level one merhcants to include:
One of the new and most challenging requirements facing the airline industry is the use of encryption for all stored credit card data.
The only options that would allow you to become compliant without encryption would be to mask or truncate the credit card numbers stored within your internal systems.
The challenge with encryption is the need to be able to handle customer service issues or back office investigations that require you to see credit card numbers to resolve the following:
Use all of the fraud deterrents made available to you.
Work with law enforcement and the credit card companies
if restitution is involved, see how you can become
a recipient of a portion of the restitution amount to offset
losses associated with the fraud that occurred