A winter wind is howling through the travel industry — at exactly the time when travel agents want to be cashing in on summer bookings. So why the big chill?
Travel agents need to be compliant with Payment Card Industry Data Security Standards (PCI DSS) in the way they store, process and transmit people's payment card data.
The new rule implemented on March 2018 impacts travel agents accredited with International Air Transport Association (IATA) and stems from a demand by airlines. It applies to the Billing and Settlement Plan (BSP) channel which simplifies sales and accounted for a whopping $219 billion of transactions in 2016.
If travel agents failed to comply, they are being warned by IATA of the chilling threat posed by data criminals. Breaches can lead to fraud losses, legal penalties, the removal of the ability to take cards and even the risk of going out of business, says the organisation.
So why the hoo-ha? Despite some voices within the travel industry being rattled, IATA didn't budge on the deadline for PCI DSS, according to Travel News Weekly.
So, is IATA correct to pile on the pressure over card data fraud?
The simple answer is Yes. Just like other sectors, the travel industry is not immune from the theft of consumers' debit/credit card information by rogue contact centre agents and hackers.
Card-not-present (CNP) fraud in the UK cost £432 million in 2016 and is set to rise by a staggering 120% by 2021. Over one third of CNP fraud is happening in contact centres.
It's true to say that the biggest, headline-grabbing cases of fraud so far have tended to involve retailers, mobile phone networks and the public sector. But — as each sector tightens up — it's likely that fraudsters will then switch their focus to other industries and businesses.
In other words, even if IATA wasn't waving a stick, it would still be wise for travel agents to achieve PCI DSS compliance as a matter of urgency.
What should travel agents do next? The Internet is awash with content about PCI DSS. But most of it is jargon-heavy and reads like a stodgy technical manual. It can be frustrating interrogate Google and keep finding the same basic facts, reheated over and over again —without the explanation, nuance and practical examples needed.
However, you can get the essentials clearly and simply if you download your free copy of our definitive guide to PCI DSS. You'll discover everything you wanted to know about secure payments — and how they can work best for travel agents and other businesses.
Our guide gets straight to the point. It also shows how to solve PCI DSS issues - without you needing to become a guru yourself, which will prove a great relief. References
 Travel News Weekly - 'Iata won’t budge on PCI DSS deadline'
 National Audit Office June 2017
Latest Blog Items
Wednesday, 01 July 2020 Remote working for contact centres: Critical next steps, beyond the crisisRemote working — is here to stay. How to make sure security is not compromised
Friday, 19 June 2020 Nine things that bug you about PCI DSS complianceCompliance with the Payment Card Industry Data Security Standard (PCI DSS) helps companies to demonstrate they can process card payments securely and reduce card fraud.
Wednesday, 10 June 2020 Contact centre resilience – 5 lessons learned from COVID-19In the words of Elvis, we’re ‘all shook up’. Not surprising after the initial reaction to the global pandemic that is COVID-19. It’s changed how we think, live and work and why it’s important to build resiliency into contact centre operations.