Credit Card Data Management in Car Rental: Plan for a standard compliant system
Nurmi, Olli (2017)
Metropolia Ammattikorkeakoulu
All rights reserved
The purpose of this thesis was to find all instances within the credit card data management systems of a car rental company that do not comply with the rules and regulations issued by the payment card industry, and to propose a plan for a fully compliant system. The company in question was a large car rental company in Finland. Its system and processes for managing credit cards and credit card data were old and had not been upgraded in many years. This study proposed a plan for a new system which is fully compliant with these rules and regulations. Due to confidentiality issues, the car rental company is referred to only as the Company in this thesis.
A comprehensive study of the current system and practices was conducted using a qualitative method: interviews with personnel who handle credit cards or credit card data. The resulting current state analysis was then combined with best practice gathered from the payment card industry’s own standards, the Merchant Rules of the Finnish credit card handler Nets, and Finnish legislation. This combination resulted in the Initial Proposal, which was then circulated for feedback. That feedback was used to generate the Final Proposal, which is the outcome of this thesis.
The current state analysis revealed numerous non-compliance issues throughout the rental and invoicing process. These issues ranged from a fully visible credit card number in the rental system and the storing of credit card information on printed-out rental agreements, through the manual keying in of the credit information, to the transfer of credit card data to invoicing unencrypted with the full credit card number visible.
The author recommends that the Company change its credit card management systems and practices. The plan proposed in this thesis should be used as the basis for the new system.