
The latest thinking from Eckoh

Travel agents: How to book your PCI DSS journey the easy way
Monday, 22 January 2018

Travel agents are being forced to embark on a vital journey — to PCI DSS compliance. But the question is: Do you want a first-class experience or a risky, white-knuckle ride?

As we explained in our recent blog, travel agents need to be compliant with Payment Card Industry Data Security Standards (PCI DSS) in the way they store, process and transmit people's payment card data. 

The International Air Transport Association (IATA) implemented the new rule in March 2018. But the journey to PCI DSS compliance isn't obvious: there's a confusing array of suggested routes and seemingly knowledgeable guides offering to help.

So which is the best approach?

Setting the right course

If we go travelling, there's usually an easy way or a hard way. We can take a comfortable jet, stay in smart hotels and laze by the pool. Alternatively, we could walk for miles on muddy tracks in tropical rainstorms, sleep in the open and hitch rides on passing carts. Now the second scenario may seem authentic and character building, but that's no comfort if the very survival of your business hangs in the balance.

Put simply, the journey to PCI DSS for travel agents can be monumentally tricky if you try to get there under your own steam, even with so-called guides pitching in at various moments. Think about traversing the ice roads of Alaska, the Sichuan-Tibet highway or crocodile-infested swamps and you get the picture. Here are five particular hazards that travel agents can encounter if they attempt to achieve PCI DSS compliance for themselves:

Hazard #1: Time, cost and distraction

You’ve probably already locked down processes for handling card payments on the web or via point-of-sale. However, it’s time to make sure your payments over the phone are secure, especially when they involve ‘Card-Not-Present’ payments. You must ensure your network and systems are secure, implement strong access controls and maintain a range of policies, tests and monitoring. This can be massively demanding on your resources.

Hazard #2: People perils

PCI DSS is about more than stopping hackers. You can’t assume that the threat of a data breach or fraud is just from outside your organisation. Figures show that the majority of fraud happens within the contact centre.

Hazard #3: Customers demanding new channels

Your PCI DSS compliance must be flexible enough to allow for growing service level expectations among your customers. There are more instant and convenient channels that include Web Chat payments, Self-Service payments and Apple Pay over the phone.

Hazard #4: Increasing threats

Hackers and rogue agents can exploit any weaknesses. As threats become more intense, you need to protect against sophisticated new risks, change system passwords, install patches from vendors and also use trustworthy business partners. DIY compliance can never be a set-and-forget activity. It's a journey that never ends.

Hazard #5: Discovering it didn't work

Verizon's 2015 PCI Compliance report found that fewer than one third of companies were still fully compliant less than a year later[1]. Compliance is not a ‘check and forget’ exercise. You need to embed processes and the right culture into every aspect of your organisation to make sure you are PCI DSS compliant every minute of every day. Have you considered outsourcing your contact centre to take it out of PCI DSS scope entirely?

Taking the easy route

The far easier path to PCI DSS compliance is to find the right PCI DSS partner who can do it all for you. You simply pass the compliance headache to them, while you focus on your core business. It's a bit like trusting an experienced travel agency with an important trip: someone who knows every inch of the globe and all the issues that make the difference, rather than 'winging it' and hoping for the best. In fact, it's even possible to prevent sensitive cardholder data from entering your systems altogether. Criminals may be becoming more clever, but if there's no data in your systems, there is nothing to steal.

For further insight, why not download your free copy of our guide to Rising CNP Crime in Contact Centres or our Definitive Guide to PCI DSS? You'll discover everything you wanted to know about secure payments and how they can work for you.

If you'd like to know more about secure payments then get in touch.

[1] Companies investigated by Verizon's forensics team from 2005-2015 following a breach.


About the Author

Claire Lynam

Marketing Manager

Claire is a professional marketer with 30 years' experience in marketing, communications and PR, creating content and collateral that resonates with an organisation's audience. Having worked in multi-national companies and SMEs, Claire has expertise in creating messaging that works for both B2C and B2B markets.
