PCI DSS compliance – Don’t fear it, but don’t ignore it!

We don’t need to tell you that the risk of fraud associated with payment card transactions and potential data breaches has been rife over the past few years.

To ensure safer transactions, IATA is expecting Accredited Travel Agents operating within the BSP to be compliant with the Payment Card Industry (PCI) and the Data Security Standard (DSS).

Effective 1 June 2017, PCI DSS compliance will even be a mandatory condition to obtain and retain accreditation as an IATA Accredited Agent under the Passenger Sales Agency Rules in Resolution 818g.

Important to note that this requirement has not emerged out of the blue. For many years, ASATA has been including a notification on this in its membership renewal documentation

In the interim, ASATA is working with the WTAAA and IATA to ascertain exactly what IATA’s requirements are with regards to PCI DSS and will make every effort to assist our members in their efforts to be compliant.

WHAT IS PCI DSS

Credit card companies have compiled the PCI Data Security Standard to enhance payment card security. All entities that store, process and transmit payment card data are required to adhere to PCI security standards, which are the technical and operational conditions to preserve payment card security.

WHAT TRAVEL AGENTS SHOULD KNOW

We understand that the PCI DSS compliance process may in some cases be complex. Depending on the nature and the size of your business, the process can vary.

Our advice would be as an initial step:

Approach your financial institution if you are a merchant and process transactions through your local Point of Sale (POS).

If you are not a merchant and only process credit card transactions through the GDS (the airline’s merchant), we suggest that you contact every credit card brand that you are working with individually, in order to find out the compliance process applicable to your agency.

For more information to help you understand the importance of PCI DSS compliance for your business and guide you through the first steps that you will need to take, please visit the dedicated PCI DSS website: www.iata.org/pci-dss

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
90218deb572a2b04751fc742ff2b5b54	7 days	No description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.

AASA | ABTA | ANTOR | BARSA | FEDHASA | SATSA | SAVRALA | TBCSA | WTAAA | Other Useful Links | SA Coronavirus

AASA | ABTA | ANTOR | BARSA | FEDHASA | SATSA | SAVRALA | TBCSA | WTAAA | Other Useful Links
| SA Coronavirus