Travel agents: Why new card payment rules could leave you out in the cold

A winter wind is howling through the travel industry — at exactly the time when travel agents want to be cashing in on summer bookings. So why the big chill?

From March this year, travel agents need to be compliant with Payment Card Industry Data Security Standards (PCI DSS) in the way they store, process and transmit people's payment card data.

The new rule impacts travel agents accredited with International Air Transport Association (IATA) and stems from a demand by airlines. It applies to the Billing and Settlement Plan (BSP) channel which simplifies sales and accounted for a whopping $219 billion of transactions in 2016.[1]

If travel agents fail to comply, they are being warned by IATA of the chilling threat posed by data criminals. Breaches can lead to fraud losses, legal penalties, the removal of the ability to take cards and even the risk of going out of business, says the organization.

So why the fuss?

Despite some voices within the travel industry being rattled, IATA isn't planning to budge on the March 2018 deadline for PCI DSS, according to Travel News Weekly[1].

So, is IATA correct to pile on the pressure over card data fraud?

The simple answer is Yes. Just like other sectors, the travel industry is not immune from the theft of consumers' debit/credit card information by rogue contact center agents and hackers.

Card Not Present (CNP) fraud in the US increased by 40% in 2016[3] and CNP losses are expected to cost retailers and financial institutions $7.2 billion in the US by the end of 2020.[4]

It's true to say that the biggest, headline-grabbing cases of fraud so far have tended to involve retailers, mobile phone networks and the public sector. But — as each sector tightens up — it's likely that fraudsters will then switch their focus to other industries and businesses.

In other words, even if IATA wasn't waving a stick, it would still be wise for travel agents to achieve PCI DSS compliance as a matter of urgency.

What should travel agents do next?

The Internet is awash with content about PCI DSS. But most of it is jargon-heavy and reads like a stodgy technical manual. It can be frustrating interrogate Google and keep finding the same basic facts, reheated over and over again —without the explanation, nuance and practical examples needed.

However, you can get the essentials clearly and simply if you download your free copy of our definitive guide to PCI DSS. You'll discover everything you wanted to know about secure payments — and how they can work best for travel agents and other businesses.

Our guide gets straight to the point. It also shows how to solve PCI DSS issues - without you needing to become a guru yourself, which will prove a great relief as March gets closer.

[1] Travel News Weekly - 'Iata won’t budge on PCI DSS deadline'
[2] National Audit Office June 2017
[3] Javelin - 'Card-Not-Present Fraud Rises Significantly'
[4] Market Wired newsroom - 'Card-Not-Present Fraud Losses to Exceed $7 Billion by 2020'

Loading Conversation

Posted by eckoh at 9:48 AM on Jan 9, 2018


Recent Posts

Healthcare identity theft and fraud is a fast-growing threat in the US, but some…

This year is the 40th anniversary of the classic 1978 sci-fi movie Invasion of…


While the US retail industry is reeling from what has been declared by some as…