Protection of credit card data at the highest level
Umbrella Midoffice and Umbrella Profiles are PCI/DSS (Level 1) certified
Umbrella Software products are PCI/DSS (Level 1) certified
PCI/DSS stands for Payment Card Industry Data Security Standard. The security of your customers' data is a top priority at Umbrella. To ensure this security, particularly with regard to your customers' credit card data, Umbrella AG regularly undergoes PCI/DSS (Level 1) certification. There are four certification levels, which are based on the volume of transactions processed or the assessment of a credit card organization. With the PCI/DSS (Level 1) standard, Umbrella has implemented the highest possible level of protection for your customers' credit card data in its mid-office software and profile management solution.
What does PCI/DSS (Level 1) certification involve?
Umbrella processes credit card data. The PCI/DSS standard is mandatory for companies that store, process or transmit credit card data. As part of the certification process, Umbrella regularly undergoes an independent audit that examines various areas of the company's business activities. In this context, requirements are set that Umbrella must fulfill in order to receive certification. Interviews are conducted with those responsible, documentation is reviewed, partner relationships are examined, and hardware, software, databases, network architecture and the regular implementation of security processes are checked. Umbrella is also subjected to regular penetration tests. The aim is to identify vulnerabilities in good time and prevent attacks.
The following areas are examined as part of the independent audit:
- Overall context in which credit card data is stored, processed and transmitted
- Operation of a secure network
- Protection of the storage, processing and transmission of credit card data
- Security precautions against viruses and malware
- Access regulation
- Monitoring and testing of software and IT infrastructure
- Formulation and communication of an information security policy for the company
The result of the investigation is a ROC (Report on Compliance), in which Umbrella's status with regard to the PCI/DSS requirements catalog is recorded. Evidence includes notes, documents, screenshots, test results and references that were created and compiled during the audit. Quarterly vulnerability scans and an annual on-site audit are part of PCI/DSS (Level 1) certification.
Background to PCI/DSS certification
In the past, many cases of credit card misuse have severely damaged the reputation of this payment option and led to high costs. The provisions of the PCI/DSS standard are defined by the PCI SSC (Payment Card Industry Security Standards Council). The PCI SSC was founded in 2006 by the credit card companies Visa, Mastercard, American Express, Discover Financial Services and JCB International with the task of further developing the security standards for handling credit card data. Ultimately, the PCI/DSS standard emerged from the security regulations of Visa and Mastercard and is binding for all credit card providers.
Why does Umbrella store credit card data?
PCI/DSS (Level 1) certification is extremely time-consuming and cost-intensive. Therefore, it does not make sense for every company to undergo this audit. By storing and processing credit card data in Umbrella, you as an Umbrella customer have the opportunity to fully automate all areas of payment in one place. Storing the credit card data means you no longer have to obtain it anew for every process that requires credit card information. Obtaining it each time is a manual effort that impairs the scalability of a process as the number of transactions increases. This makes PCI/DSS certification a cornerstone of growth within your process landscape.
There are a number of cases where this hurdle arises. A travel agency would have to request credit card data from its customer for each calculation and payment of transaction fees. Only by storing the corporate customer's credit card details in the mid-office can the entire transaction fee process be fully automated. For vacation travel agencies, credit card data storage simplifies the execution of the final payment. This process can thus be fully automated, as otherwise it is necessary to contact the customer to obtain the credit card details for the final payment.
Contributors:
Magnus Kunhardt
Group Marketing Director
Steffen Faradi
CEO & Co-Founder
Helmut Pilz
SVP Business Development