Frankfurt/ Germany, April 2010 – Ypsilon.net AG, global travel IT provider, has undergone a vast audit and certification procedure in order to fully comply with the security requirements of the payment card industry (PCI DSS – Payment Card Industry Data Security Standard) and to provide its customers with the utmost degree of payment security. Class 1 is the highest level of PCI DSS compliance.

The audit and certification has been carried through by SRC GmbH, one of the few companies authorized by the Credit card industry to conduct such tasks. The encryption and storage of sensitive data has been upgraded in order to meet the stringent security standards. No stone has been left unturned, the restructure involved several aspects such as personnel related security, safety and traceability, general security and reliability.

The audit and certification procedure of the codes, processes and all system components included in the scope of PCI DSS compliance took place over a period of 6 months. The complete card holder environment, the part of the Ypsilon network that possesses card holder data or sensitive authentication data, has been audited and verified.

The certification encompassed verifications on firewalls, switches, routers, wireless access point, network appliances, and other security appliances, web, application, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS). The result is that Ypsilon is not only class 1 PCI DSS certified but is now also in a position to offer safe storage facility and credit card neutralization services by usage of tokens to third party companies.

Hans Joachim Klenz, CEO der Ypsilon.net AG:

"The travel industry as a whole has been heavily targeted by credit card fraud and it is our responsibility as a leading IT solution provider to ensure the highest degree of payment security for the protection of our customers. They are entitled to that and it is extremely important for any IT provider which stores, processes or forwards credit card details to ensure such protection; after all the consequences of card fraud can be extremely costly to all involved. As in many areas, Ypsilon is now also first mover in terms of data security certification. We have optimized all relevant environments with great care in order to comply with the highest security level of the industry like banks, financial institutes and other huge corporations do that process extremely sensitive data. Thus, customers should always differentiate which class of a PCI DSS certification an IT provider holds.”