Eyal Nevo, PCI Booking: “even giant corporations with millions poured into cybersecurity suffer breaches”

by PCI Booking & Cybernews | September 22, 2022

In today’s world, making online transactions and purchasing goods or services is a daily task for many companies and individuals. However, securing payment details is often challenging even for large-scale businesses with professional cybersecurity solutions..

Cybercriminals continuously upgrade their attack vectors and find new ways to attack companies that are holding massive amounts of sensitive information, including credit card details and payment information.
Therefore, Cybernews had a chat with Eyal Nevo, the CEO at PCI Booking, about the latest technology solutions to help companies protect their payment processing and handling flows.

How did the idea of PCI Booking come about in 2016? What has the journey been like?

Before we started working on our Payment Card Industry Data Security Standard (PCI) products, the entire team had worked for InterFAX – an online faxing service. With this product, we came across a large hotel chain in the UK that needed a faxing solution where they could receive fax documents containing hotel reservation information, along with credit card data. This has introduced us to the world of PCI compliance and to many of the pain points that companies in the travel and hospitality industry deal with regularly. 

In 2013, we came up with an idea to offer a secure messaging service that would allow an electronic and PCI-compliant way of sending messages. In 2016, this solution has morphed into our PCI Shield product which offers 360-degree protection for the organization against credit card detail exposure. 

We were very fortunate that one of our first customers required many of the services and functions. It helped us to fine-tune the product to real-world scenarios and come up with solutions that would then be utilized by other customers. 

Also, following the impacts of COVID we have released a companion product – Orchestra. It allows customers to have much greater flexibility in how they design their credit card processing and handling flows.

Can you introduce us to what you do? What methods do you use to make payments secure and easy?

PCI Booking offers two products to help customers secure their systems and/or their workflows. 

The first one is the PCI Shield with which customers can fully outsource and offload all credit card processing and handling to our secure system. This means that our customer can perform all functions necessary on the card but through our system. This way, the card details never reach the customer’s system and so they are never exposed to any risks. 

The other product we have is Orchestra. It’s a full payment orchestration system that allows the customer to retain their own workflow but pick and choose which credit card functions they would like to use through our APIs. This way they can enhance their card processing flow with advanced security, validation, and authentication. 

What cyberthreats affecting payment data do you find the most concerning at the moment?

For our system, all cyberthreats are a concern. We offer a high availability service to our customers who, in turn, have implemented it as a major backbone of their card processing flow. So even a DDOS attack on our service is a concern. It’s also equally important for us to protect and ensure that the credit card data is never exposed – either by a breach of our system or by accidental misuse of the customer. 

How do you think the recent global events altered your field of work?

Until recently, our main focus was the travel and hospitality industries which are the two most affected industries by COVID-induced regulations. The impact on the travel industry, and consequently on PCI Booking, has shifted us towards re-packaging our services and creating a new product, Orchestra. This way we could attract all sorts of companies, not just in the travel industry. 

Many companies were forced to either move their entire operation online or add new e-commerce capabilities that did not exist before. And for many of these companies, credit card security is not in their wheelhouse and they would require a service provider to offer support and simplify that headache.

Would you like to share some of the best practices businesses should adopt to prevent fraud and other cyberthreats?

The first thing to think about when reviewing cyberthreats is whether you actually need all the data you’re storing. Many companies store massive amounts of data that they don’t need and that makes them bigger targets. 

The second thing to think about, in the same context, is how long you should store the data. The best practice would be to delete the data as soon as it’s no longer needed as reducing your data footprint is the first and simplest task anyone can do. 

After that, you should review the processes that capture and handle the data. That includes the following: 

  • What data compliance regulations do you fall under? 
  • Are there services, such as Orchestra, that can add functionality to your existing flow? 
  • Are there services, similar to PCI Shield, that allow you to outsource the data processing to a service provider? 

Finally, try to find a data security expert to provide suggestions on available tools for authentication, validation, and fraud prevention. 

Talking about individual users, what security measures do you think everyone should implement to protect themselves online?

For individual users, I’d recommend verifying where you use your cards by following these tips:

  • Get to know the tricks on how to spot a fraud site from a real one. 
  • Be suspicious as to where you enter your card details, especially following a non-solicited request by phone or email. 

Always check your credit card statement regularly to review all charges and contact your bank immediately if there is anything suspicious. 

In your opinion, what are some of the worst habits that can put not only the company’s workload but also the company’s customer data at risk?

The main problem with cybersecurity is that people do not believe it relates to them or they are overconfident in their level of security-related knowledge. Even giant corporations with millions poured into cybersecurity have breaches annually – for example, the 2018 breach at British Airways

All companies should have data security and cybersecurity in their mind. Especially when storing their customers’ data and even more so when dealing with personal, medical, or payment information. Even if you are protected, you always have to do routine checks to make sure that everything is safe and that all security measures are up to date.

How do you think the financial sector is going to evolve in the near future?

The financial sector is going to be more focused on e-commerce than ever before. More and more transactions will be made with credit cards and online. Customers will advance to use more secure ways of storing their card details, such as with e-wallets, and more sophisticated but streamlined payment security solutions will be introduced. All of these constant changes in the payment world are yet another reason why companies should look into services such as ours to avoid the need of redesigning their payment system after each change.

And finally, what does the future hold for PCI Booking?

We are very excited about the future. 2022 has already started with a huge uptake of usage by existing customers and interest from new customers in PCI Shield. The travel industry is set to raise the records on all indicators and this includes our usage volume which is already near the peaks of 2019. Additionally, Orchestra has everything it takes to help a huge number of companies in many different verticals. We are planning to grow and expand our worldwide sales and marketing team, followed by an increase in our operations, research and development teams. In the next two to three years, we expect to double our employee headcount and then double it again following growth and demand from the market.

Learn More About The Tokenization Solution

PCI Booking’s tokenization service provides the flexibility to store files or text strings in a highly secure environment; importantly, you can access it any time through our APIs and protect yourself and your customers from becoming targets of an attack.