As a service provider and credit-card issuer, AirPlus (respectively Lufthansa AirPlus Servicekarten GmbH) is subject to the worldwide security standard PCI DSS (Payment Card Industry Data Security Standard). This global security and verification standard has been established by Mastercard Worldwide, Visa International, American Express, Discover Financial Services and JCB for enhanced protection of credit and debit card data and exceeds the statutory data-protection regulations.
According to the PCI DSS Standard, companies that process, store or transmit payment card data must reinforce protection of their data and secure it against unauthorized third party access. Hence, PCI DSS is AirPlus’ top priority. Furthermore, AirPlus accommodates the requirements set forth in the PCI DSS regulations with additional security measures. In order to do so, AirPlus maintains regular contact with Mastercard Worldwide and Visa International.
AirPlus’ compliance with and implementation of the PCI DSS Standard is verified in regular annual audits. At the end of November 2009, as part of such an audit, AirPlus was certified for the use of a reference number generator, which is also referred to as Token Generator Service. This reference number generator is a technical solution where, in PCI relevant systems, the AirPlus credit card numbers are coded by reference numbers. This procedure makes it impossible for third parties to allocate credit card numbers and demonstrably enhances security for credit card payments.