Payment Card Industry Data Security Standards (PCI DSS) is a global data security standard to protect confidential payment card information against theft. For the travel industry the need to become PCI DSS compliant just got a whole lot more urgent.
IATA and AFTA are demanding compliance
Airlines have demanded that IATA support their own internal compliance projects by making the IATA Billing and Settlement Plan (BSP) to be Payment Card Industry (PCI) Data Security Standard (DSS) compliant. This is why IATA is making PCI DSS compliance mandatory for Accredited Travel Agents by March 2018. AFTA has issued a notification that become PCI-DSS compliance will become a requirement of ATAS accreditation in the future.
Corporate risk management
For the same reasons as the airlines demanding IATA become PCI DSS compliant, corporations are doing risk due diligence and want their entire supply chain to be secure. Travel agencies that can’t meet these requirements will lose clients. Credit card fraud effects everyone in the travel ecosystem; customers lose trust in your travel business, they in turn lose credibility with their clients and can have their own credit rating hurt.
How to be compliant
It’s not just about systems, the standard includes business processes and both need to be assessed and vulnerabilities identified and removed. For example, storing card holder data at all should be avoided unless there is a strong business case to do so.
Finally it involves submitting required reports to the appropriate acquiring bank and card brands.
There is a well-documented process to become PCI DSS compliant on the IATA website and AFTA will be providing specific advisory notes about PCI-DSS compliance over the coming months and will assist travel agents as they work towards becoming compliant.
How Tramada can help
Tramada has offered a PCI DSS compliant mid-office environment since 2010 and many agencies using tramada® have in place business processes that will make them compliant.
Sensitive data such as credit card details and passwords have always been encrypted in tramada® however additional steps have been undertaken to ensure a fully compliant environment. Access to pages containing sensitive information (such as credit card data) is logged for examination in case of suspected fraud or security breach.
tramada® Payment Gateway improves the environment further by processing online credit card payments from within the protected tramada® environment. tramada® Payment Gateway manages all the required reporting to banks and card brands.
Additional access security measures are also available with tramada® such as access control and 2 Factor Authentication (2FA).
For more information on tramada® secure platform CLICK HERE