PCI DSS for IATA-accredited travel agencies, the requirements may vary depending on the agreements between the travel agency, the payment processors they use, and any other relevant parties. While IATA itself may not directly enforce PCI DSS compliance, the payment card companies (Visa, MasterCard, etc.) and acquiring banks often require businesses, including travel agencies, to be PCI DSS compliant if they handle credit card transactions. It's important for IATA-accredited travel agencies to be aware of their obligations and responsibilities concerning PCI DSS compliance.
The Airline carriers asked IATA to help them with their internal compliance initiative by making the BSP card sales channel PCI DSS compliant. This is why IATA-certified travel agents must now comply with the PCI DSS.BSP is a system designed to improve BSP Airlines’ financial control and cash flow by facilitating and simplifying sales, reporting, and transfer procedures for IATA-approved passenger sales agents. Billing Settlement Payments (BSP) are accepted in over 180 countries and territories worldwide. With an on-time settlement percentage of 99.999%, the system now supports over 370 member airlines. IATA’s BSP processed $236.3 billion in 2017.
PCI DSS is a set of security standards meant to protect cardholder data and ensure credit card information is handled securely. Payment card companies (such as Visa, MasterCard, American Express, and others) and acquiring banks often require it to ensure that businesses that handle credit card data maintain a secure environment and limit the risk of data breaches and fraud.