PCI DSS certification for travel agencies
Everyone who works in the travel industry knows that there is an International Air Transport Association (IATA). In 2016, the IATA has put forward a requirement for all travel companies which work in their online booking system.
This requirement is quite simple: all the IATA system participants must undergo mandatory certification for compliance with the PCІ DSS standard till March 1, 2018. In layman’s language we can say this way: a travel company needs the PCI DSS certificate in order to ensure the customers’ data and money security during the card payments (Visa, MasterCard and so on).
Without this certificate there is a good chance that these data can be seized by intruders in order to embezzle the funds.
If the travel company or tour operator completes certification according to the PCІ DSS standard, they will be able to book and sell the flight tickets.
After March 1, 2018 the IATA will cease to provide its services to all companies that haven’t completed the PCI DSS certification. The consequences of failure to comply with their requirements are negative: penal sanctions, service commission increasing or full online booking scram.
There is the only and very simple conclusion: all travel companies and tour operators should have the certificate of compliance with the PCI DSS standard. Even if you have a very small company and you book the flight tickets for your customers, you will have to meet the IATA’s requirements and undergo certification for compliance with the PCI DSS standard.
“IT Specialist” – G+