Release Info 15th February 2018
Data Security Requirements
Due to changes within the data security requirements and the PCI DSS standards there are some changes in Umbrella Faces.
Due to the new password security guidelines we have updated our tool accordingly. After being logged in for a certain time and without working in the tool, session timeouts will apply. There are the following new rules of password handling:
- the password must be changed at least every 90 days
- the password must have a minimum length of 7 characters
- the password must contain upper and lowercase letters, numbers and at least one special character
- when changing the password none of the last five passwords can be used
- after 6 failed login attempts a user account is locked for 30 minutes
- after 15 minutes of inactivity, the password must be entered to reactivate the terminal / session
- the maximum session time after which the user must log in again must not exceed 200 minutes
- ‘remember me’ function had to be removed
PCI DSS Compliant Agencies:
Company and agency administrators are given the option to click on an ‘eye’ behind the tokenized credit card on a profile to see the full card details.
As soon as having clicked on the ‘eye’ the process is handled by Datatrans which relies on further security checks.
Note: Company and agency administrators need valid email addresse in the user account to receive security tokens.
- Click on “eye” behind tokenized credit card
- Enter 6 digit activation code which is sent to the administrator email
- Enter Security Code
- Credit card in full text
In the section „Travel Documents – Passports” a new checkbox “Primary Passport” is available to identify a passport for primary use. Only one passport can be set as primary.
Note: all existing and new profiles will have this checkbox unticked.
New Mapping if passport is set as primary
Amadeus CSX: the profile transfer indicator “A” (automatically moved into PNR) is send to the profile
Cytric: the “Make this Government ID your primary Government ID for APIS and TSA Secure Flight Data” in the Government ID is set to “yes”
Sabre Red Profile: the “Include Secure Flight Information (SR DOCS/DOCO)” is set to “yes”
New copy source for publishing:
primaryPassport (usable with e.g. primaryPassport.number)
secondaryPassports# (usable with e.g. secondaryPassports#.number)
Note: existing source “passport#.” can still be used, no change in the functionality.
Note: If a profile is already imported to Faces and the function is activated after the import the profile will be still updated and/or deleted.