
Are you doing enough to protect your clients’ data? PCI DSS is more than just a buzzword.


The travel industry has been the target of a number of important data breaches recently, which has reinforced the notion that PCI DSS is much more than just a buzzword.

Just a few days ago, online travel agent Booking.com admitted that it is compensating customers whose personal details have been stolen.

Although the online agency says its systems have not been compromised, customers of hotels and guest houses listed on Booking.com were targeted. Users first received WhatsApp and text messages instructing them to change their passwords because they had allegedly fallen victim to a security breach.

Once they clicked on the link, hackers reportedly sent phishing emails asking them to send payment details for their bookings. The content of the emails was very well-written and included names, addresses, phone numbers, costs, reference numbers and booking dates.

Booking.com is not the only travel player to have been affected. The list of travel industry players that have been compromised at some point is endless and includes major names like Sabre and InterContinental Hotels Group. In March this year, travel booking website Orbitz also announced that it had discovered a potential data breach that exposed information for hundreds of thousands of customers.

It is not only the big conglomerates that are at risk. Even the smallest travel agents hold important data about their clients that could be of interest to hackers.

It is important for customers to know that their data is being protected, because so many businesses are susceptible to data breaches, at their customers’ expense. Without the proper security measures in place, hackers could have access to your data and your customers’ data. PCI compliance is a certain way to improve the level of security.

What is PCI DSS?

Credit card companies have compiled the PCI Data Security Standard to enhance payment card security. All entities that store, process and transmit payment card data are required to adhere to PCI security standards, which are the technical and operational conditions to preserve payment card security.

As a minimum global data security standard, PCI DSS aims to protect confidential card and payment information against theft, fraud and other forms of data misuse.

How does PCI DSS impact on travel agents?

Travel agents have had to comply with Payment Card Industry Data Security Standards (PCI DSS) since 01 March 2018 or they stand to lose their ability to issue flight tickets on credit card.

One of the main obstacles to travel agents becoming PCI DSS compliant has been the lack of knowledge on the topic. A lot of travel agents still don’t know why they should be PCI DSS compliant and what the process involves.

How can travel agents become compliant?

IATA has rolled out a PCI DSS Wizard tool for Travel Agents.

For the development and roll-out of this tool, IATA signed a referral partner agreement with Trustwave, which is qualified by the PCI Security Standards Council as a Qualified Security Assessor (QSA).

The tool walks travel agents through the steps that are right for their business type, making it easy for them to understand what needs to be addressed, how to find the solution, and check off any task once it is complete.

After travel agents have completed the streamlined compliance process, the compliance status is sent back to IATA automatically on the agent’s behalf.

Travel agents can view and download milestone progress reports, download a Certificate of Compliance as well as the PCI Attestation of Compliance. They can display the Trusted Commerce® seal on their website to showcase their compliance to visitors.

Agents can register their TrustKeeper PCI Manager account by following this link.

It is important to note that the use of this tool to obtain PCI certification is not free of charge. Service descriptions along with pricing can be found on the IATA PCI DSS Certification Program page.

Who else can travel agents call or contact with questions about PCI DSS?

Agents can also speak to their acquiring bank who will guide them based on their PCI level and can supply a list of locally available Qualified Security Assessors. Additionally, merchants can search for a QSA by navigating to https://www.pcisecuritystandards.org/assessors_and_solutions/

What are the consequences of non-compliance? 

IATA has listed the consequences of non-compliance as follows:

• Lost confidence, so customers go to other merchants
• Diminished sales
• Fraud losses
• Higher subsequent costs of compliance
• Legal costs, settlements and judgments
• Fines and penalties
• Termination of ability to accept payment cards
• Going out of business

If travel agents have any more questions about PCI DSS, they can visit the IATA FAQ page.

Dorine Reinstein
Dorine Reinstein is a seasoned travel writer and editor, who is passionate about retail travel as well as inbound tourism. She has written for award-winning publications. Dorine has completed her Honours Degree in English and Dutch Literature in Belgium as well as her Honours Degree in Drama in France. When moving to South Africa, she obtained her Advanced Journalism Diploma in Johannesburg. She has a knack for languages and can write effortlessly in English, Dutch and French.
