
PCI DSS for IATA Travel Agencies

Regarding PCI DSS for IATA-accredited travel agencies, the requirements may vary depending on the agreements between the travel agency, the payment processors they use, and any other relevant parties. While IATA itself may not directly enforce PCI DSS compliance, the payment card companies (Visa, MasterCard, etc.) and acquiring banks often require businesses, including travel agencies, to be PCI DSS compliant if they handle credit card transactions. It's important for IATA-accredited travel agencies to be aware of their obligations and responsibilities concerning PCI DSS compliance.

Why is IATA enforcing PCI DSS for all accredited travel agencies?

The carriers asked IATA to help them with their internal compliance initiative by making the BSP card sales channel PCI DSS compliant. This is why IATA-certified travel agents must now comply with the PCI DSS. BSP is a system designed to improve BSP Airlines’ financial control and cash flow by facilitating and simplifying sales, reporting, and transfer procedures for IATA-approved passenger sales agents. Billing Settlement Payments (BSP) are accepted in over 180 countries and territories worldwide. With an on-time settlement percentage of 99.999%, the system now supports over 370 member airlines. IATA’s BSP processed $236.3 billion in 2017.

 

What is PCI DSS?
PCI DSS is a set of security standards meant to protect cardholder data and ensure credit card information is handled securely. Payment card companies (such as Visa, MasterCard, American Express, and others) and acquiring banks often require it to ensure that businesses that handle credit card data maintain a secure environment and limit the risk of data breaches and fraud.


How can travel agencies become PCI DSS compliant?
1. Understand PCI DSS requirements.
2. Identify the scope of the cardholder data environment.
3. Implement security measures and controls.
4. Regularly monitor and test security.
5. Complete the Self-Assessment Questionnaire (SAQ) if applicable.
6. Engage a Qualified Security Assessor (QSA) if required.
7. Report compliance to the acquiring bank or payment card brands.
8. Maintain ongoing compliance through continuous monitoring and updates.


PCI DSS compliance is a critical aspect of maintaining a secure and trustworthy environment for IATA-accredited travel agencies. SkyBook Global is a travel outsourcing company that supports IATA-accredited travel agencies in achieving PCI DSS compliance within a short period. To learn more about the services, contact info@skybookglobal.com.
