Credit Card Masking and Encryption Advance Screen Change
Notification
Beginning February 19, 2007 credit card numbers may be masked on Apollo® and Galileo® systems.
This advisory contains significant changes to the implementation of credit card masking. Please review the entire advisory.
______________________________________
Galileo by Travelport
Contents
Credit Card Masking and Encryption ...3
Changes since last advisory ... 3
Overview ... 3 Background ... 3 Enhancement Description ... 4 Target Market ... 4 Best Practices... 4 Enhancement Details ... 4 Terminal Emulation ...5 Structured Data ...12 AAT Settings ...13 Sign on Profiles ...14 References ... 15
Credit Card Masking and Encryption
Who:
All Apollo® and Galileo® system users, including structured data
users
What:
Credit card encryption of the Form of Payment in PNR (Apollo)
and Booking File (Galileo)
Credit Card Masking in displays, including structured data
responses
Where:
All Apollo and Galileo markets
When:
February 12, 2007 changes go into effect.
Between January 30, 2007 and February 12, 2007
update settings in preparation for activation Feb 12.
Action Required:
Ensure your agency has a secondary authorizer.
Update sign on profiles of any users who will need
to have the card numbers masked.
Changes since last advisory
• The default setting has changed. The default will be no masking for each user. The agency should update sign on profiles for any user that should have card numbers masked.
• The masking for terminal emulation (Focalpoint®) will be all Xs with only the last 4 characters exposed.
• The masking for structured data (including Viewpoint™) will be the first digit and last 4 digits exposed with everything in between masked with 0s
• Masking will be activated at approximately 2300 Mountain Time on February 19, 2007.
Overview
Both Apollo and Galileo systems will be updated to mask credit card information in credit card specific fields of the PNR or Booking File (BF) and the Profile or ClientFile. This masking will apply to both terminal emulation and structured data (within this advisory structured data includes Viewpoint™). New settings in the agency account table (AAT) and agent sign on profile (terminal security profile, or TSP) will control the display of the credit card data in its masked or unmasked form. In addition, the credit card number in the PNR/BF form of payment field will be encrypted during end transact and will be decrypted during retrieval.
Background
Payment Card Industry Data Security Standards (PCIDSS) require the credit card number to be masked on displays and encrypted when stored. This enhancement will support PCI compliance for both the Apollo and Galileo systems and for our customers. Additional information about PCIDSS can be found at:
Enhancement Description
The credit card number will be encrypted in the form of payment field in the PNR and booking file when stored on the host. When the PNR or BF is displayed, the credit card number will be decrypted. Also, the credit card number will be masked in the following fields for users with masking activated:
• Form of payment
• Hotel guaranteed payment area
• Car guaranteed payment area
• Stored fare form of payment
• Electronic ticket file
• Profile/Client File
• SSR fields:
o Guaranteed electronic payment (EPAY) o Guaranteed Payment (GUAR)
o Form of ID (FOID)
The above fields will be masked for PNR/BFs in the live system as well as in bookings displayed through Past Date Quick (PDQ) and (for subscribers) Past Date Historical Data on CD.
Target Market
All users in all markets are affected by this enhancement. This includes structured data users.
Best Practices
Agencies should review their business processes and activate masking for those users who do not have a business need to see the full credit card details. Agencies should also consider any automation being used in order to determine the impact of this change and to decide if updates to scripts or other agency applications are needed. These changes could include modifying any applications that capture credit card data from a screen display, since that data may now be masked. Agency management should take advantage of the interval before masking goes into effect to ensure all sign on profiles are set appropriately for the agency business.
Enhancement Details
As credit card holders are becoming more concerned with the security of their credit card data, the Payment Card Industry has issued standards for the protection of credit card data. In support of PCI compliance, both the Apollo and Galileo systems will begin encrypting credit card data in the form of payment field and masking the credit card number in form of payment fields in system displays. These changes apply to both the Apollo and Galileo systems accessed either through terminal emulation (Focalpoint®) or any type of structured data, including Viewpoint.
The masking applies to:
• Form of payment (F- or F.)
• Hotel guaranteed payment area
• Car guaranteed payment area
• Stored fare form of payment
• Electronic ticket file
• SSR fields:
o Guaranteed electronic payment (EPAY) o Guaranteed Payment (GUAR)
o Form of ID (FOID)
• Profile/Client File displays of the items listed above
Credit card numbers in fields that are not specified above will not be masked. It is therefore important that credit card numbers NOT be stored in fields other than those listed above.
All fields in the list above will be masked for all users of Apollo® and Galileo® with masking turned on. In addition to displays of live PNR/BFs, PNR/BFs displayed through PDQ will have the same fields masked using the same logic as the live system. Past Date data accessed off the CD will have all fields masked, regardless of AAT or sign on settings. The section below titled “Sign on Profiles and AAT Settings” provides details of options that exist at the agency and individual agent level.
The masking applies to the card number only. The other parts of the form of payment will not be masked, for example vendor code, expiration date, authorization code, etc.
Agents accessing the system through terminal emulation will see only the vendor code and the last four digits of the card number unmasked; the remainder of the card number will be masked with Xs.
For structured data users, the response with the credit card number will have the first digit of the number displayed with all other digits of the number masked with 0s (that is zeroes, in order to maintain the field definition as numeric) except for the last four digits.
Although the form of payment will be masked in the Profile or Client File display, when a move entry is made the actual card number will be moved into the PNR or BF and will be masked on the display. The system will know the real number even if the display of the number is masked.
The entry F-AX371234567890128/D1208 will not be masked as it is entered. The usual response of * will be returned and the data will still be displayed on the screen. However, once a display entry, such as *R, is made, the card number will be masked. For the entry above, the card data will be displayed as: AXXXXXXXXXXXX0128/D1208
Some scripts might read the form of payment from the PNR/BF in order to add it to other fields in the PNR/BF or new segments, for example the car and hotel guarantee fields. These scripts will no longer work if the user has masking turned on since they will capture the masked data, not the actual number. TravelScreen Plus™ might be a good alternative for these situations since it will allow a guarantee form of payment to be entered which will be moved into the car or hotel segment sell.
The following examples will show how fields, which will be masked, display before the enhancement and how they will display after the enhancement.
Terminal Emulation
Form of Payment:
Current Form of Payment Apollo PNR display FOP:-VI4005550000000019/D1209 Masked Form of Payment Apollo PNR display FOP:-VIXXXXXXXXXXXX0019/D1209 Current Form of Payment Galileo BF display FOP -VI4005550000000019/D1209 Masked Form of Payment Galileo BF display FOP -VIXXXXXXXXXXXX0019/D1209
Hotel Guaranteed payment:
Current Hotel itinerary PNR/BF display1. HHL RT HK1 LON 23FEB-24FEB 1NT 5652 NOVOTEL LONDON HEAT 1ROHRAC -1/RG-GBP124.00/AGT99999992/G-VI4005550000000019EX P1209/NM-TEST BOOKING/CF-1551HBM500* Masked Hotel itinerary PNR/BF display
1. HHL RT HK1 LON 23FEB-24FEB 1NT 5652 NOVOTEL LONDON HEAT 1ROHRAC -1/RG-GBP124.00/AGT99999992/G-VIXXXXXXXXXXXX0019EX P1209/NM-TEST BOOKING/CF-1551HBM500*
Masked Deposit/Prepayment Format: Apollo:
1.1PATTON/DTEST
1 UA4926Y 22JUL LIHHNL SS1 800A 829A * SU E OPERATED BY ALOHA AIRLINES
2 HHL OR SS1 HNL 22JUL-23JUL 1NT 1043 OHANA WAIKIKI WEST
1STDBAR -1/RT-USD119.00/ADV GTE/AGT14537482/G-DPSTVIXXXXXXXXXXXX4403-EXP1209 3 UA4951Y 29JUL HNLLIH SS1 900A 937A * SU E
OPERATED BY ALOHA AIRLINES
Galileo:
1.1PATTON/DEBBIE
1. UA 1444 Y 22JUN PHXDEN HS1 0600 0843 O E FR OPERATED BY UNITED FOR TED
2. HHL ES SS1 DEN 22JUN-23JUN 1NT 52557 EMBASSY DENVER ARPT 1J1KAAA -1/RT-USD229.95/ADV GTE/AGT14537482/G-DPSTVIXXXXXX XXXXXX4403EXP1209
3. UA 1515 Y 25JUN DENPHX HS1 0700 0753 O E MO OPERATED BY UNITED FOR TED
Car Guaranteed payment
Current Car itinerary PNR/BF display2. CCR ZR HK1 ATL 23FEB-24FEB CCAR/RG-USD24.65WD-UNL MI/BS-23212081/PUP-ATL01/ARR-9A/RC-AFD123/DT-5P/G-VI4005550000000019EXP1209/NM-TE
ST BOOKING/CF-W8112189 * Masked Car Itinerary PNR/BF display
2. CCR ZR HK1 ATL 23FEB-24FEB CCAR/RG-USD24.65WD-UNL MI/BS-23212081/PUP-ATL01/ARR-9A/RC-AFD123/DT-5P/G-VIXXXXXXXXXXXX0019EXP1209/NM-TE
ST BOOKING/CF-W8112189 *
Form of Identification (FOID) Special Service Request
Current Apollo FOID SSR display:Masked Apollo FOID SSR display:
GFAX- SSRFOIDQFHK1/CCVIXXXXXXXXXXXX0019-1CREDITCARD/MASK Current Galileo FOID SSR display:
** MANUAL SSR DATA **
SSRFOIDQF HK 1 /CCVI4005550000000019-1CREDITCARD/MASK Masked Galileo FOID SSR display:
** MANUAL SSR DATA **
SSRFOIDQF HK 1 /CCVIXXXXXXXXXXXX0019-1CREDITCARD/MASK
Guaranteed Electronic Payment (EPAY) and Guaranteed Payment (GUAR) Special
Service Requests (SSR):
Current Apollo GUAR SSR display:
GFAX-SSRGUARWSNN1 VI4005550000000019/D1209/CREDITCARD MASKING Masked Apollo GUAR SSR display:
GFAX-SSRGUARWSNN1 VIXXXXXXXXXXXX0019/D1209/CREDITCARD MASKING
Current Galileo GUAR SSR display:
** MANUAL SSR DATA ** 1. SSRGUARWS NN 1 VI4005550000000019/D1209/CREDITCARD MASKING Masked Galileo GUAR SSR display:
** MANUAL SSR DATA ** 1. SSRGUARWS NN 1 VIXXXXXXXXXXXX0019/D1209/CREDITCARD MASKING
Fare Form of Payment
Current Apollo PNR Fare Form of Payment display: Response to T:$B or T:V
>$B-*K29/FVI4005550000000019|D1209 *FARE GUARANTEED AT TICKET ISSUANCE* LAST DATE TO PURCHASE TICKET: 15APR07 $B-1 C06OCT06 DEN DL ATL 654.88Y0BV USD654.88END ZP DEN FARE USD 654.88 TAX 2.50AY TAX 49.12US TAX 4.50XF TAX 3.30ZP TOT USD 714.30 TICKETING AGENCY K29 DEFAULT PLATING CARRIER DL US PFC: XF DEN4.5 BAGGAGE ALLOWANCE: 2PC
Response to *R or *T
ATFQ-OK/$B-*K29/FVI4005550000000019|D1209/TAK29/CDL FQ-USD 654.88/USD 49.12US/USD 10.30XT/USD 714.30 - 6OCT Y0BV
Masked Apollo PNR Fare Form of Payment display: Response to T:$B or T:V
T:$B or T:V response:
>$B-*K29/FVIXXXXXXXXXXXX0019|D1209 *FARE GUARANTEED AT TICKET ISSUANCE* LAST DATE TO PURCHASE TICKET: 15APR07 $B-1 C06OCT06 DEN DL ATL 654.88Y0BV USD654.88END ZP DEN FARE USD 654.88 TAX 2.50AY TAX 49.12US TAX 4.50XF TAX 3.30ZP TOT USD 714.30 TICKETING AGENCY K29 DEFAULT PLATING CARRIER DL US PFC: XF DEN4.5 BAGGAGE ALLOWANCE: 2PC
Response to *R or *T
As displayed in the PNR (*R or *T)
ATFQ-OK/$B-*K29/FVIXXXXXXXXXXXX0019|D1209/TAK29/CDL FQ-USD 654.88/USD 49.12US/USD 10.30XT/USD 714.30 - 6OCT Y0BV
Current Galileo BF Fare Form of Payment display:
FQ1 - S1 AP 18JUL06 64/AG P1 TEST/BOOKING G 21JUL06 * GBP 77.00 LON BD PAR 109.80HOWBMI NUC109.80END ROE0.537292
FARE GBP59.00 TAX 5.00GB TAX 13.00UB TOT GBP77.00 S1 FB-HOWBMI B-20K NB-23SEP NA-23SEP NONREF / FEE FOR CHANGE
T S1/FVI4005550000000019*D1209
Masked Galileo BF Fare Form of Payment display:
FQ1 - S1 AP 18JUL06 64/AG P1 TEST/BOOKING G 21JUL06 * GBP 77.00 LON BD PAR 109.80HOWBMI NUC109.80END ROE0.537292
FARE GBP59.00 TAX 5.00GB TAX 13.00UB TOT GBP77.00 S1 FB-HOWBMI B-20K NB-23SEP NA-23SEP NONREF / FEE FOR CHANGE
T S1/FVIXXXXXXXXXXXX0019*D1209
Electronic Ticket File
Current Apollo Electronic Ticket File display:
TKT: 0161234567890 NAME: MANDY/BILL CC: 4005550000000019 USE CR FLT CLS DATE BRDOFF TIME ST F/B FARE CPN UA 2048 Y 23MAY SFOLAX 100P OK YSHUTTLE 80.91 1 UA 2049 Y 27MAY LAXSFO 300P OK YSHUTTLE 80.91 2 FARE USE 161.82 TAX 16.18 TAX 3.00XF TOTAL USD 181.00 FP VI40055500000000196661 EXP1209/ 0023 FC-1-MAY SFO UA LAX 80.91 US SFO 80.91 USD 161.82 END XFLAX3
Masked Apollo Electronic Ticket File display:
TKT: 0161234567890 NAME: MANDY/BILL CC: XXXXXXXXXXXX0019 USE CR FLT CLS DATE BRDOFF TIME ST F/B FARE CPN UA 2048 Y 23MAY SFOLAX 100P OK YSHUTTLE 80.91 1 UA 2049 Y 27MAY LAXSFO 300P OK YSHUTTLE 80.91 2 FARE USE 161.82 TAX 16.18 TAX 3.00XF TOTAL USD 181.00 FP VIXXXXXXXXXXXX0019 EXP1209/ 0023 FC-1-MAY SFO UA LAX 80.91 US SFO 80.91 USD 161.82 END XFLAX3
Current Galileo Electronic Ticket File display:
TKT: 125 9900 168093 NAME: LINXCRE/TEST CC: AX370000000000028 ISSUED: 30OCT06 FOP:AX370000000000028-4321 PSEUDO: 0XJ6 PLATING CARRIER: BA ISO: GB IATA: 99999992 USE CR FLT CLS DATE BRDOFF TIME ST F/B FARE CPN OPEN BA 115 Y 30APR LHRJFK 1620 OK Y2 1 OPEN BA 178 Y 04MAY JFKLHR 0915 OK Y2 2 FARE GBP 730.00 TAX 20.00 GB TAX 13.00 UB TAX 103.60 XT TOTAL GBP 866.60 LON BA NYC Q5.66 682.99Y2 BA LON Q5.66 682.99Y2 NUC 1377.30END ROE0.530018 XT 1.40AY15.60US2.70XA3.80XY 2.70YC75.00YQ2.40XF JFK4.5
RLOC 1G KSV8X8 1A YOB9DU Masked Galileo Electronic Ticket File display:
TKT: 125 9900 168093 NAME: LINXCRE/TEST CC: AXXXXXXXXXXXX0028 ISSUED: 30OCT06 FOP:AXXXXXXXXXXXX0028-4321 PSEUDO: 0XJ6 PLATING CARRIER: BA ISO: GB IATA: 99999992 USE CR FLT CLS DATE BRDOFF TIME ST F/B FARE CPN OPEN BA 115 Y 30APR LHRJFK 1620 OK Y2 1 OPEN BA 178 Y 04MAY JFKLHR 0915 OK Y2 2 FARE GBP 730.00 TAX 20.00 GB TAX 13.00 UB TAX 103.60 XT TOTAL GBP 866.60 LON BA NYC Q5.66 682.99Y2 BA LON Q5.66 682.99Y2 NUC 1377.30END ROE0.530018 XT 1.40AY15.60US2.70XA3.80XY 2.70YC75.00YQ2.40XF JFK4.5
PNR / BF History Display
Current Apollo PNR History display: ** HISTORY **XS HHL HH 10NOV SS/HK 1 CHI 11NOV 1NT 4745 HILTON OHARE AIRP RT 1A01LV4 -1/RT-USD159.00/AGT14537482/G-VI4005550000000019EXP1 209/NM-CREDIT MASK/CF-3241469112 *
XS CCR AL 10NOV SS/HK 1 ORD -11NOV ECAR/RG-USD49.44DY-UNL FM X D69.44-UNL FM XH23.15-UNL FM/BS-14537482/PUP-ORDT71/RC-88EF/DT-6 A/G-VI4005550000000019EXP1209/NM-CREDIT MASK/CF-429435009COUNT * AQP PROQ/GK5*43
AS CCR AL 10NOV SS/SS 1 ORD -12NOV ECAR/RG-USD49.44DY-UNL FM X D69.44-UNL FM XH23.15-UNL FM/BS-14537482/PUP-ORDT71/RC-88EF/DT-6 A/G-VI4005550000000019EXP1209/NM-CREDIT MASK/CF-429435009COUNT * AO OSIUA*HH* HHLHHXX1CHI10NOV/CX-1686543947 *
RCVD-P/C037864 -CR- XDB/GK5/1V AG VS 26JUL0246Z HS UA 532 Y10NOV DENORD NN/HK1 640A 954A *
AFP VI4005550000000019/D1209 Masked Apollo PNR History display:
** HISTORY **
XS HHL HH 10NOV SS/HK 1 CHI 11NOV 1NT 4745 HILTON OHARE AIRP RT 1A01LV4 -1/RT-USD159.00/AGT14537482/G-VIXXXXXXXXXXXX0019EXP1 209/NM-CREDIT MASK/CF-3241469112 *
XS CCR AL 10NOV SS/HK 1 ORD -11NOV ECAR/RG-USD49.44DY-UNL FM X D69.44-UNL FM XH23.15-UNL FM/BS-14537482/PUP-ORDT71/RC-88EF/DT-6 A/G-VI XXXXXXXXXXXX0019EXP1209/NM-CREDIT MASK/CF-429435009COUNT * AQP PROQ/GK5*43
AS CCR AL 10NOV SS/SS 1 ORD -12NOV ECAR/RG-USD49.44DY-UNL FM X D69.44-UNL FM XH23.15-UNL FM/BS-14537482/PUP-ORDT71/RC-88EF/DT-6 A/G-VI XXXXXXXXXXXX0019EXP1209/NM-CREDIT MASK/CF-429435009COUNT * AO OSIUA*HH* HHLHHXX1CHI10NOV/CX-1686543947 *
RCVD-P/C037864 -CR- XDB/GK5/1V AG VS 26JUL0246Z HS UA 532 Y10NOV DENORD NN/HK1 640A 954A *
AFP VI XXXXXXXXXXXX0019/D1209
Current Galileo PNR History display: ** HISTORY **
SC CCR AL 10NOV HK/UC1 ORD -11NOV CCAR/BS-23212081/RC-AFD123/DT -2200/G-AX371019534732004/CF-... AVI CAL *FEHLENDES UNGUELTIGES ENDDATUM
RCVD-FLL AL05JUL/1728
CRDT- FLL/ /1G AL 1946Z/05JUL
VLR UA 532 Y 10NOV DENORD NN/HK1 640 954 O* AVL UA*NQSGG9 HDQRMUA 05JUL 1728
)> RCVD-
CRDT- / /1G 1728Z/05JUL AQP PROQ/XX3*32*CLR
HS UA 532 Y 10NOV DENORD NN/HS1 640 954 O B HS CCR AL 10NOV NN/SS1 ORD -11NOV CCAR/BS-23212081/RC-AFD123/DT -2200/G-AX371019534732004/CF-...B HS HHL GI 10NOV SS/SS1 CHI 11NOV 1NT23899 HILTON GI OHARE 1A1K-RAC -1/RT-USD209.00/ADV GTE/AGT23212081/G-AX371019534
Masked Galileo PNR History display: ** HISTORY **
SC CCR AL 10NOV HK/UC1 ORD -11NOV CCAR/BS-23212081/RC-AFD123/DT -2200/G-AXXXXXXXXXXXX2004/CF-... AVI CAL *FEHLENDES UNGUELTIGES ENDDATUM
RCVD-FLL AL05JUL/1728
CRDT- FLL/ /1G AL 1946Z/05JUL
VLR UA 532 Y 10NOV DENORD NN/HK1 640 954 O* AVL UA*NQSGG9 HDQRMUA 05JUL 1728
)> RCVD-
CRDT- / /1G 1728Z/05JUL AQP PROQ/XX3*32*CLR
HS UA 532 Y 10NOV DENORD NN/HS1 640 954 O B HS CCR AL 10NOV NN/SS1 ORD -11NOV CCAR/BS-23212081/RC-AFD123/DT -2200/G-A XXXXXXXXXXXX0019/CF-...B HS HHL GI 10NOV SS/SS1 CHI 11NOV 1NT23899 HILTON GI OHARE 1A1K-RAC -1/RT-USD209.00/ADV GTE/AGT23212081/G-AXXXXXXXXXX
XX2004*1206/CF-...
Booking File Fixed format display
Current Galileo Booking File Fixed format display:
00951D03009N0TC7E006/64009 XDBKR011 C378641006 AG003012 99999992 009 26JUL003010C37864100300699M 003510010060010030041014CREDIT/MASK 0115300300501005BA007 302005K 00823MAR006LHR006CDG005HK0051 0080 620 004 0080825 004O004 004 004E005FR005 005 004 00281101006001006LHN004N004/ 00352E01027VI4005550000000019/D1209 00112301003 Masked Galileo Booking File Fixed format display:
00951D03009N0TC7E006/64009 XDBKR011 C378641006 AG003012 99999992 009 26JUL003010C37864100300699M 003510010060010030041014CREDIT/MASK 0115300300501005BA007 302005K 00823MAR006LHR006CDG005HK0051 0080 620 004 0080825 004O004 004 004E005FR005 005 004 00281101006001006LHN004N004/ 00352E01027VIXXXXXXXXXXXX0019/D1209 00112301003
Profile / Client File display Current Apollo Profile display:
1Y/N:1CREDIT/MASK 2Y/P:DENB/303-555-1212 3Y/T:T/ 4Y/R:P 5Y/F-VI4005550000000019/D1209 Masked Apollo Profile display:
1Y/N:1CREDIT/MASK 2Y/P:DENB/303-555-1212 3Y/T:T/ 4Y/R:P 5Y/F- VIXXXXXXXXXXXX0019/D1209
Current Galileo Client File display:
1Y/N.1CREDIT/MASK 2Y/P.LONB/071 397 5000 3Y/T.T* 4Y/R.PSGR 5Y/F.VI4005550000000019/D1209
Masked Galileo Booking Client File display:
1Y/N.1CREDIT/MASK 2Y/P.LONB/071 397 5000 3Y/T.T* 4Y/R.PSGR 5Y/F.VIXXXXXXXXXXXX0019/D1209
Structured Data
The masked credit card data will be displayed as all zeros (0) except for the first digit and the last four digits in the:
• Form of Payment KLR.
• Hotel Optional field KLR.
• Car Optional field KLR.
For example, credit card number 3123 7654321 8431 will display as 3000 0000000 8431. The following examples show the credit card numbers in the masked form.
Form of Payment:
Hotel Optional:
Car Optional:
AAT Settings
A combination of new AAT and sign on profile settings will be used to control who does and does not see the unmasked credit card numbers. Three AAT fields will determine the criteria to be used for masking the credit card data. The first AAT field, MMSK, will indicate if the AAT or the sign on profile is to be used in determining if the card number should be masked. If MMSK indicates the AAT is to be used, then the other new AAT fields will indicate if card numbers are to be masked for structured data users (SMSK) and/or terminal emulation users (TMSK). If MMSK indicates the sign on profile is to be used, the CMSK field in the STD display will be used.
At time of implementation, the fields will be set to use the sign on profile to determine if a specific user of the system will see the data masked or unmasked. If an agency wants to have numbers masked for all users without exception, they should contact the help desk to have their AAT changed so that MMSK is set to use the other AAT indicators, and ensure those indicators are set appropriately for the agency’s terminal emulation and structured data interfaces.
Sign on Profiles
By default, the sign on profile settings will result in no change to what the user sees. The default settings will be to NOT mask card numbers. The new control in the sign on profile is CMSK. It appears on the third screen of the display (STD/Zabc/**) and has two fields. All terminal security profiles will have the second field in CMSK set to N, which, depending on AAT settings, will result in no change to the display of card numbers (this is a change from the original advisory). The first subfield indicates the ability of the user to change the CMSK field for sign on profiles they own and applies to secondary authorizers. Secondary authorizers will have the first field set to Y (
CMSK ·Y·Y
) and all others will have first field set to N (CMSK ·N·Y
).Secondary authorizer display (STD/Z123ABC/**)
>STD/ Z123ABC/** NAME: CREDITCARD MASKING ADDRESS CODE: DENKF . TERMINALS IN USE: .../... AUTHORITY LEVEL: SECOND 1ST LEVEL:·N 2ND LEVEL:·N SELAC ·Y·Y PFARE ·Y·Y PDQA- ·Y·Y BILL- ·N·. DARVP ·Y·Y COWNR ·Y·Y ETOD- ·Y·Y FSHP- ·N·N DIAL- ·N·N SPVRQ ·Y·Y MSGQ- ·Y·Y RULB- ·Y·Y RULD- ·Y·Y RULX- ·Y·Y MNTR- ·N·N HORAC ·N·N PREV- ·Y·Y PRO-C ·Y·Y PRO-D ·Y·Y PRO-M ·Y·Y PRO-N ·Y·Y PRO-O ·Y·Y PRO-R ·Y·Y PRO-T ·Y·Y PRO-U ·Y·Y QFWD- ·Y·Y QSUM- ·Y·Y AATV- ·N·N DOTA ·N·N HMLRG ·N·N CMSK ·Y·N ... ·.·. ... ·.·. ... ·.·. ... ·.·. ... ·.·. ... ·.·. ... ·.·. · >
Agent level display (STD/Z123ABC/**)
>STD/ ZK29/CC ./** NAME: CREDIT CARD MASK ADDRESS CODE: DENK29 . TERMINALS IN USE: .../... AUTHORITY LEVEL: AGENT 1ST LEVEL:·N 2ND LEVEL:·N SELAC ·N·N PFARE ·N·N PDQA- ·N·Y DARVP ·Y·Y COWNR ·N·N ETOD- ·N·N FSHP- ·N·N DIAL- ·N·N SPVRQ ·N·Y MSGQ- ·N·Y RULB- ·N·N RULD- ·N·N RULX- ·N·Y MNTR- ·N·N HORAC ·N·N PREV- ·N·Y PRO-C ·N·Y PRO-D ·N·N PRO-M ·N·Y PRO-N ·N·Y PRO-O ·N·N PRO-R ·N·Y PRO-T ·N·N PRO-U ·N·N QFWD- ·N·N QSUM- ·N·N AATV- ·N·N DOTA ·N·N HMLRG ·N·N CMSK ·N·N ... ·.·. ... ·.·. ... ·.·. ... ·.·. ... ·.·. ... ·.·. ... ·.·. · >
Agency secondary authorizers should update the sign on profiles of the agents in their office to turn masking on as appropriate for each user in their office. If the secondary authorizer in the agency should only see masked data, he or she must contact the help desk to update his or her sign on profile.
Although the industry does recognize the need for some personnel within the agency to see the unmasked card numbers, agency management is asked to keep in mind that good judgment must be used in selecting agency and agent level settings.
New sign on profiles created after January 29 will have masking turned on by default. The creator can modify that setting during creation or at any time. See the next page for an example of the default settings.
>STD/ ZK29/CM ./** NAME: CREDIT MASKING
ADDRESS CODE: DENK29 . TERMINALS IN USE: .../...
AUTHORITY LEVEL: AGENT 1ST LEVEL:·N 2ND LEVEL:·N
SELAC ·N·N PFARE ·N·N PDQA- ·N·Y
DARVP ·Y·Y COWNR ·N·N ETOD- ·N·N FSHP- ·N·N
DIAL- ·N·N SPVRQ ·N·Y MSGQ- ·N·Y RULB- ·N·N RULD- ·N·N
RULX- ·N·Y MNTR- ·N·N HORAC ·N·N PREV- ·N·Y PRO-C ·N·Y
PRO-D ·N·N PRO-M ·N·Y PRO-N ·N·Y PRO-O ·N·N PRO-R ·N·Y
PRO-T ·N·N PRO-U ·N·N QFWD- ·N·N QSUM- ·N·N AATV- ·N·N
DOTA ·N·N HMLRG ·N·N CMSK ·N·Y ... ·.·. ... ·.·.
... ·.·. ... ·.·. ... ·.·. ... ·.·. ... ·.·.
· >
References
HELP ENHANCE-MASK CREDIT CARD S*GEM/MASK CREDIT CARD
Implications to Other Products
Screen scrapers (such as Scriptwriter Plus™ or third party applications which read the PNR or BF display) Applications receiving our structured data
© 2007 Galileo International. All rights reserved.
Information in this document is subject to change without notice. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Galileo International. All screen examples and other inserts associated with system output are provided for illustration purposes only. They are not meant to represent actual screen responses, rates, etc.
Galileo International may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. The furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property rights except as expressly provided in any written license agreement from Galileo International. All other companies and product names are trademarks or registered trademarks of their respective holders.
