Failed to comply with PCI-DSS? These are the consequences

01 March was D-Day for travel agents to become PCI-DSS compliant.

IATA has warned that failure by the Agent to provide IATA with the necessary evidence of PCI-DSS compliance will trigger the following non-compliance actions:

If your Travel Agent is currently located in a country governed by Resolution 818g, failure to comply with these requirements per IATA’s request will result in a Notice of Non-compliance being issued against the Agent and member Airlines will be notified. This notice will be in force until the country of the agent’s operation is migrated to New Gen ISS under Resolution 812 and will specify that Credit Card form of payment will be restricted for this Travel Agent unless the evidence is provided prior to the specified date. It should be noted that this action will not lead to suspension.

If your Travel Agent is located at a country governed by Resolution 812, failure to comply with these requirements per IATA’s request will result in an Administrative Non-Compliance and required the Agent to remedy the situation within 30 days of the notice. In case the Agent, has not demonstrated to IATA ́s satisfaction that the reason for the Administrative Non-Compliance has been remedied, IATA will:

immediately restrict the Agent’s use of the Customer Card Payment Method; and
such restriction will remain in place until the Agent has demonstrated to IATA’s satisfaction that the reason for the Administrative Non- Compliance has been remedied and the Agent is compliant with all applicable requirements for authorization to use the Customer Card Payment Method.

IATA has advised that PCI DSS Wizard Tool is now live

The TrustKeeper PCI Manager account is ready for use for those Travel Agents whose merchant level are one of the three defined below.

Level 2 – Any merchant — regardless of acceptance channel — processing between 1 million to 6 million total transactions annually (or 1 million to 6 million total BSP transactions)

Level 3 – Any merchant processing 20,000 to 1 million e-commerce card BSP transactions per year

Level 4 – Any merchant processing fewer than 20,000 e-commerce card BSP transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M card transactions per year

*Detailed merchant level definitions can be found at Visa and MasterCard.

If an Agency does not process credit card transactions, the Agency must submit through the IATA Customer Services portal.

It should be noted that upon completion of such declaration no further proof of compliance will be requested from your Agency, however Credit Card form of payment will be disabled for your Agency upon migration of your country of operation under NewGen environment and resolution 812.

You can register your TrustKeeper PCI Manager account by following the below link:

https://pci.trustwave.com/iata

TrustKeeper PCI Manager will walk you through the steps that are right for your business type, making it easy for you to understand what needs to be addressed, how to find the solution, and easily check-off the task once it is complete.

The key features of TrustKeeper PCI Manager include:

Recognised by the PCI Security Standards Council (PCI SSC)

Trustwave is recognised by the PCI Security Standards Council (PCI SSC) as a Qualified Security Assessor Company.

Trusted Commerce Seal and Certification

After you have completed the streamlined compliance process, PCI Manager will facilitate reporting your compliance status back to IATA automatically on your behalf. You can view and download milestone progress reports, download a Certificate of Compliance as well as the PCI Attestation of Compliance. You can display the Trusted Commerce® seal on your website to showcase your compliance to visitors.

Web Based Portal

The compliance process can be challenging. TrustKeeper PCI Manager is a secure, intuitive and easy to understand web-based portal designed to walk you through the compliance process step-by-step.

The portal is available in the following languages: English, Danske, Deutsch, English (UK), Español, Suomi, Français, Français (Canada), Íslenska, 日本語, Nederlands, Norsk, Polski, Português, Svenska, 简体中文, 繁體中文

After you have created your username and password, we recommend bookmarking the URL: https://login.trustwave.com

Hassle free

TrustKeeper PCI Manager takes the SAQ completion process complexity away from you by providing simple questions that guide you into completion of the correct SAQ type applicable to your business.

Online Security Awareness training

TrustKeeper PCI Manager provides you with basic courses about PCI DSS so you will feel confident with the matter.

Around-the-Clock

Trustwave’s team of seasoned compliance support analysts is available 24 hours, 7 days a week, 365 days of the year. For assistance, contact Trustwave by email at support@trustwave.com or by calling the following number in South Africa: 800 981 295.

Express Renewal

PCI DSS validation is required annually. All Travel Agents, must warranty continued compliance with PCI DSS, therefore an express renewal feature will help you to easily comply with this requirement, if no significant changes have occurred since the previous assessment.

As already pointed out, the utilisation of the tool to obtain PCI certification is not free of charge, service descriptions along with pricing can be found on the IATA PCI DSS Certification Program page. Also, this tool is just an alternative way for your Agency to obtain PCI DSS certification. IATA will accept the evidence of compliance as long as it is properly certified by the eligible partner of PCI Security Standards Council, depending on the level of compliance that your Agency falls into.

Last but not least, IATA would like to remind you that there is a dedicated PCI DSS webpage to help you understand the importance of this requirement for your business, guide you through the first steps that you will need to take and indicate the evidences that will be accepted by IATA to indicate compliance:

http://www.iata.org/services/finance/Pages/pci-dss.aspx

For support in regard to any enquiry, please contact IATA via the Customer Portal. These queries will be handled with the highest priority.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
90218deb572a2b04751fc742ff2b5b54	7 days	No description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.

You might also like

AASA | ABTA | ANTOR | BARSA | FEDHASA | SATSA | SAVRALA | TBCSA | WTAAA | Other Useful Links | SA Coronavirus

AASA | ABTA | ANTOR | BARSA | FEDHASA | SATSA | SAVRALA | TBCSA | WTAAA | Other Useful Links
| SA Coronavirus