IATA and the PCI-DSS
IATA has mandated that all travel agents achieve Payment Card Industry Data Security Standard (PCI DSS) compliance to obtain and retain accreditation as an IATA accredited agent. Despite the prospect of fines and penalties, many agents are not PCI-compliant. There are numerous reasons for this, ranging from a lack of awareness or interest to underestimating the technical complexity of the Standard.
IATA (in consultation with ACTA) has recognised that the process of becoming compliant with the PCI DSS can be complex and lengthy for travel agents.
Broken down into six major security goals with 12 areas of focus, the PCI DSS could impose a possible 288 requirements. Consequently, it has extended the enforcement date from June 2017 to 1 March 2018. This effective date aligns with the planned implementation date for NewGen ISS, and PCI DSS compliance is an integral part of the resolution rules.
Whether you are a large or a small agent looking to achieve and maintain compliance with the PCI DSS, Key IVR can help.
Contact us on 01302 513 000 or firstname.lastname@example.org