Case Study – Travel
Travel Case #1
A leading travel company sought to enhance its transaction security by upgrading from 3D Secure 1.0 to 3D Secure 2.0 with a custom flow, choosing Moneris as its service provider. As the demands for security evolved, they partnered with HostedPCI for a seamless integration that met compliance standards and elevated security levels.
The major challenge involved integrating Moneris 3D Secure 2.0 into the company’s established payment infrastructure without disrupting existing payment flows or diminishing the customer experience. This required modifications to their existing Custom 3DS 1.0 workflow to include custom-tailored API calls for seamless authentication during transactions.
To address these challenges, the project began with an assessment and planning phase where the existing payment system was comprehensively reviewed to pinpoint specific integration needs for 3DS 2.0. A detailed project plan was developed to incorporate the new system without interrupting operational flows. During the custom integration development phase, the existing Custom 3DS 1.0 flow was adapted to align with 3DS 2.0 requirements, enhancing security protocols while preserving user experience, and implementing custom-tailored API calls to ensure reliable and swift transaction verification.
The testing and optimization phase involved extensive testing—unit, integration, and user acceptance tests—to meet all technical and operational requirements. Transaction flows were refined to reduce latency and maximize efficiency, maintaining transparency for end users.
The successful integration of Moneris 3D Secure 2.0 with HostedPCI led to a substantial decrease in fraudulent transactions through advanced authentication mechanisms. This security improvement significantly boosted customer satisfaction due to the efficient and unobtrusive checkout process, increased customer confidence in transaction security, boosted transaction volumes, and improved customer retention. This case study underscores how customized payment security solutions can effectively meet the specific needs of merchants, ensuring compliance and enhancing customer satisfaction in a dynamic travel industry environment.
Travel Case #2
The first transaction processed through HostedPCI is the booking transaction. Unlike a standard sale transaction, the credit card is processed not by the travel company, but by the airline company, which confirms the booking. As a result, the API action needed for this transaction is our XML Message Dispatch. This type of transaction allows the client to tailor the API request to the airline’s specifications to transmit the customer and transaction details for processing. Since the travel company holds only the token, they send the API request to HostedPCI with the token, and HostedPCI replaces the token with the credit card before sending the message to the airline.
The insurance transaction follows the same route as the booking transaction; however, the third party in this case is different, potentially requiring a varied request structure. Similar to the airline transaction, the client will assemble the appropriate request, including the token, and will send the transaction to HostedPCI for the insurance company to charge the insurance fee.
Regarding the surcharge transaction, it is carried out through the chosen payment gateway—Moneris, in this instance, which is the travel company’s gateway. The structure of the payment request differs from the request for XML Dispatch. Unlike the third-party request, which the client assembles, the gateway request is structured using specific parameters provided by HostedPCI to streamline the Sale request.
By utilizing HostedPCI for their PCI DSS compliance, the travel company successfully reduced its PCI scope by entrusting the entire collection, storage, and exchange process to a secure third-party proxy. This shift decreased their PCI scope from an SAQ type D, encompassing approximately 400 questions, to a more manageable SAQ type A, consisting of only 11 questions.