A winter wind is howling through the travel industry — at exactly the time when travel agents want to be cashing in on summer bookings. So why the big chill?
Travel agents need to be compliant with Payment Card Industry Data Security Standards (PCI DSS) in the way they store, process and transmit people's payment card data.
The new rule implemented on March 2018 impacts travel agents accredited with International Air Transport Association (IATA) and stems from a demand by airlines. It applies to the Billing and Settlement Plan (BSP) channel which simplifies sales and accounted for a whopping $219 billion of transactions in 2016.
If travel agents failed to comply, they are being warned by IATA of the chilling threat posed by data criminals. Breaches can lead to fraud losses, legal penalties, the removal of the ability to take cards and even the risk of going out of business, says the organisation.
So why the hoo-ha? Despite some voices within the travel industry being rattled, IATA didn't budge on the deadline for PCI DSS, according to Travel News Weekly.
So, is IATA correct to pile on the pressure over card data fraud?
The simple answer is Yes. Just like other sectors, the travel industry is not immune from the theft of consumers' debit/credit card information by rogue contact centre agents and hackers.
Card-not-present (CNP) fraud in the UK cost £432 million in 2016 and is set to rise by a staggering 120% by 2021. Over one third of CNP fraud is happening in contact centres.
It's true to say that the biggest, headline-grabbing cases of fraud so far have tended to involve retailers, mobile phone networks and the public sector. But — as each sector tightens up — it's likely that fraudsters will then switch their focus to other industries and businesses.
In other words, even if IATA wasn't waving a stick, it would still be wise for travel agents to achieve PCI DSS compliance as a matter of urgency.
What should travel agents do next? The Internet is awash with content about PCI DSS. But most of it is jargon-heavy and reads like a stodgy technical manual. It can be frustrating interrogate Google and keep finding the same basic facts, reheated over and over again —without the explanation, nuance and practical examples needed.
However, you can get the essentials clearly and simply if you download your free copy of our definitive guide to PCI DSS. You'll discover everything you wanted to know about secure payments — and how they can work best for travel agents and other businesses.
Our guide gets straight to the point. It also shows how to solve PCI DSS issues - without you needing to become a guru yourself, which will prove a great relief. References
 Travel News Weekly - 'Iata won’t budge on PCI DSS deadline'
 National Audit Office June 2017
Latest Blog Items
Tuesday, 13 August 2019 Is your PCI DSS strategy killing your agility?Contact centres must protect customer card data — but the wrong PCI DSS strategy can hold back your business. Sometimes, only a security rethink will give you the freedom to thrive.
Tuesday, 30 July 2019 PCI DSS - are you playing whack-a-mole and losing badly?Is your contact centre protecting customer card data with expensive sticking plasters? If so, then don't be surprised if fraudsters tear through. You'll need a radical rethink to stop criminals.
Thursday, 11 July 2019 Contact centre safe from fraud? Think againContact centre crime is on the rise — but the big scandal is the time and money being wasted on tackling it the wrong way. Put simply, organisations need a new strategy, fast.