• en
  • de

Release Info 15th February 2018

Data Security Requirements

Due to changes within the data security requirements and the PCI DSS standards there are some changes in Umbrella Faces.

All Agencies:
Due to the new password security guidelines we have updated our tool accordingly. After being logged in for a certain time and without working in the tool, session timeouts will apply. There are the following new rules of password handling:

  • the password must be changed at least every 90 days
  • the password must have a minimum length of 7 characters
  • the password must contain upper and lowercase letters, numbers and at least one special character
  • when changing the password none of the last five passwords can be used
  • after 6 failed login attempts a user account is locked for 30 minutes
  • after 15 minutes of inactivity, the password must be entered to reactivate the terminal / session
  • the maximum session time after which the user must log in again must not exceed 200 minutes
  • ‘remember me’ function had to be removed

PCI DSS Compliant Agencies:

Company and agency administrators are given the option to click on an ‘eye’ behind the tokenized credit card on a profile to see the full card details.
As soon as having clicked on the ‘eye’ the process is handled by Datatrans which relies on further security checks.
Note: Company and agency administrators need valid email addresse in the user account to receive security tokens.

  1. Click on “eye” behind tokenized credit card
  2. Enter 6 digit activation code which is sent to the administrator email
  3. Enter Security Code
  4. Credit card in full text

Primary Passport

In the section „Travel Documents – Passports” a new checkbox “Primary Passport” is available to identify a passport for primary use. Only one passport can be set as primary.


Note: all existing and new profiles will have this checkbox unticked.

New Mapping if passport is set as primary
Amadeus CSX: the profile transfer indicator “A” (automatically moved into PNR) is send to the profile
Cytric: the “Make this Government ID your primary Government ID for APIS and TSA Secure Flight Data” in the Government ID is set to “yes”
Sabre Red Profile: the “Include Secure Flight Information (SR DOCS/DOCO)” is set to “yes”

New copy source for publishing:
primaryPassport (usable with e.g. primaryPassport.number)
secondaryPassports# (usable with e.g. secondaryPassports#.number)
Note: existing source “passport#.” can still be used, no change in the functionality.

Check on Privacy Policy accepted in Cytric

In “my agency”, “Interfaces” and Target system “CYTRIC” it is possible to configure that privacy policy in Cytric needs to be accepted in Cytric for the profile to be imported to Faces. Therefore the new checkbox “Require pushed profiles to have accepted privacy policy” is available.

Activate: all new incoming profiles from Cytric with privacy policy accepted “NO” will be blocked and not imported to Faces
Deactivate: no check on the privacy policy (current behaviour)

Note: If a profile is already imported to Faces and the function is activated after the import the profile will be still updated and/or deleted.

Umbrella Organisation AG
Binzstrasse 33
CH - 8620 Wetzikon

Phone: +41 44 933 53 90
E-Mail: info@umbrella.ch