Posted inPCI DSS compliance
Travel agents are being forced to embark on a vital journey — to PCI DSS compliance. But the question is: Do you want a first-class experience or a risky, white-knuckle ride?
As we explained in our recent blog, travel agents need to be compliant with Payment Card Industry Data Security Standards (PCI DSS) in the way they store, process and transmit people's payment card data.
The International Air Transport Association (IATA) implemented the new rule on March 2018. But the journey to PCI DSS compliance isn't obvious: There's a confusing array of suggested routes and seemingly-knowledgeable guides offering to help.
So which is the best approach?
Setting the right course If we go travelling, there's usually an easy way or a hard way. We can take a comfortable jet, stay in smart hotels and laze by the pool. Alternatively, we could walk for miles on muddy tracks in tropical rainstorms, sleep in the open and hitch rides on passing carts. Now the second scenario may seem authentic and character building but that's no comfort if the very survival of your business hangs in the balance.
Put simply, the journey to PCI DSS for travel agents can be monumentally tricky if you try to get there under your
own steam even with so-called guides pitching in at various moments. Think about traversing the ice roads of Alaska, the
Sichuan-Tibet highway or crocodile-infested swamps and you get the picture. Here are five particular hazards that
travel agents can encounter if they attempt to achieve PCI DSS compliance for themselves:
Hazard #1: Time, cost and distraction You’ve probably already locked down processes for handling card payments on the web or via point-of-sale. However it’s time to make sure your payments over the phone are secure, especially when it involves ‘Card-Not-Present’ payments. You must ensure your network and systems are secure, implement strong access controls and maintain a range of policies, tests and monitoring. This can be massively demanding on your resources.
Hazard #2: People perils PCI DSS is about more than stopping hackers. You can’t assume that the threat of a data breach or fraud is just from outside your organisation. Figures show that the majority of fraud happens within the contact centre.
Hazard #3: Customers demanding new channels Your PCI DSS compliance must be flexible enough to allow for growing service level expectations among your customers. There are more instant and convenient channels that include Web Chat payments, Self-Service payments and Apple Pay over the phone.
Hazard #4: Increasing threats Hackers and rogue agents can exploit any weaknesses. As threats become more intense, you need to protect against sophisticated new risks, change system passwords, install patches from vendors and also use trustworthy business partners. DIY compliance can never be a set-and-forget activity. It's a journey that never ends.
Hazard #5: Discovering it didn't work Verizon's 2015 PCI Compliance report found that fewer than one third of companies were still fully compliant less than a year later. Compliance is not a ‘check and forget’ exercise. You need to embed processes and the right culture into every aspect of your organisation to make sure you are PCI DSS compliant every minute of every day. Have you considered outsourcing your contact centre to de-scope it entirely from PCI DSS scope?
Taking the easy route
The far easier path to PCI DSS compliance is by finding the right PCI DSS partner who can do it all for you. You simply pass the compliance headache to them, while you focus on your core business. It's a bit like trusting an experienced travel agency with an important trip someone who knows every inch of the globe and all the issues that make the difference rather than 'winging it' and hoping for the best. In fact, it's even possible to prevent sensitive cardholder data from entering your systems altogether, so even though criminals are becoming more clever, if there's no data in your systems there is nothing to steal.
For further insight why not download your free copy of our guide to Rising CNP Crime in Contact Centres or our Definitive Guide to PCI DSS. You'll discover everything you wanted to know about secure payments and how they can work for you.
 Companies investigated by Verizon's forensics team from 2005-2015 following a breach.
Latest Blog Items
Friday, 06 December 2019 Twist or stick? It’s your choiceAlmost every business has legacy technology. It makes perfect sense to extending its life. But it can be a burden managing legacy systems that require specialist knowledge that may not be available from your original vendor or in your organisation.
Tuesday, 03 December 2019 Challenge #3: Despite self-service your customers still callDespite offering great self-service tools to your customers, are your agents are still handling too many calls? If customers are stuck in their old habits, they need a nudge.
Tuesday, 26 November 2019 Challenge #2 – Your self-service doesn’t have all the answersHas your company deployed a self-service app for customers — but your contact centre is still getting a constant stream of calls? When this happens, there's only one thing to do.