A winter wind is howling through the travel industry — at exactly the time when travel agents want to be cashing in on summer bookings. So why the big chill?
Travel agents need to be compliant with Payment Card Industry Data Security Standards (PCI DSS) in the way they store, process and transmit people's payment card data.
The new rule implemented on March 2018 impacts travel agents accredited with International Air Transport Association (IATA) and stems from a demand by airlines. It applies to the Billing and Settlement Plan (BSP) channel which simplifies sales and accounted for a whopping $219 billion of transactions in 2016.
If travel agents failed to comply, they are being warned by IATA of the chilling threat posed by data criminals. Breaches can lead to fraud losses, legal penalties, the removal of the ability to take cards and even the risk of going out of business, says the organisation.
So why the hoo-ha? Despite some voices within the travel industry being rattled, IATA didn't budge on the deadline for PCI DSS, according to Travel News Weekly.
So, is IATA correct to pile on the pressure over card data fraud?
The simple answer is Yes. Just like other sectors, the travel industry is not immune from the theft of consumers' debit/credit card information by rogue contact centre agents and hackers.
Card-not-present (CNP) fraud in the UK cost £432 million in 2016 and is set to rise by a staggering 120% by 2021. Over one third of CNP fraud is happening in contact centres.
It's true to say that the biggest, headline-grabbing cases of fraud so far have tended to involve retailers, mobile phone networks and the public sector. But — as each sector tightens up — it's likely that fraudsters will then switch their focus to other industries and businesses.
In other words, even if IATA wasn't waving a stick, it would still be wise for travel agents to achieve PCI DSS compliance as a matter of urgency.
What should travel agents do next? The Internet is awash with content about PCI DSS. But most of it is jargon-heavy and reads like a stodgy technical manual. It can be frustrating interrogate Google and keep finding the same basic facts, reheated over and over again —without the explanation, nuance and practical examples needed.
However, you can get the essentials clearly and simply if you download your free copy of our definitive guide to PCI DSS. You'll discover everything you wanted to know about secure payments — and how they can work best for travel agents and other businesses.
Our guide gets straight to the point. It also shows how to solve PCI DSS issues - without you needing to become a guru yourself, which will prove a great relief. References
 Travel News Weekly - 'Iata won’t budge on PCI DSS deadline'
 National Audit Office June 2017
Latest Blog Items
Friday, 06 December 2019 Twist or stick? It’s your choiceAlmost every business has legacy technology. It makes perfect sense to extending its life. But it can be a burden managing legacy systems that require specialist knowledge that may not be available from your original vendor or in your organisation.
Tuesday, 03 December 2019 Challenge #3: Despite self-service your customers still callDespite offering great self-service tools to your customers, are your agents are still handling too many calls? If customers are stuck in their old habits, they need a nudge.
Tuesday, 26 November 2019 Challenge #2 – Your self-service doesn’t have all the answersHas your company deployed a self-service app for customers — but your contact centre is still getting a constant stream of calls? When this happens, there's only one thing to do.