So what exactly does PCI –DSS compliance mean to travel agents in Kenya?
Payment Card Industry Data Security Standards (PCI DSS) is a global data security standard developed by payment card companies to protect confidential payment card information against theft. Airlines have demanded that IATA support their own internal compliance project by making the BSP card sales channel PCI DSS compliant. This is why IATA Accredited Travel Agents now need to become PCI DSS compliant. Compliance to PCI DSS is primed as providing assurance to cardholders that their sensitive information is secure and protecting both the customer and the agent against the ever growing schemes of fraudsters.
Until recently PCI DSS compliance has been an unheard term in the travel industry. However, not only has IATA introduced it but full compliance is expected by March 2018. Failure to comply will result in 2 instances of NOIs (Notice of Irregularity)!
To many this seemed odd for until that time they had never heard of the term PCI DSS. This could have been easily ignored were it not for the accompanying stern warning that non-compliance would lead to default action against an agency.
On February 8 2017, IATA sent a circular to all accredited agents announcing a mandatory requirement to comply with the Payment Card Industry (PCI) Data Security Standard (DSS) effective 1 June 2017. To many this seemed odd for until that time they had never heard of the term PCI DSS. This could have been easily ignored were it not for the accompanying stern warning that non-compliance would lead to default action against an agency.
Following this announcement, the KATA secretariat was flooded with calls from anxious members seeking information and clarification regarding this new requirement. Answers were neither forthcoming from IATA local offices nor the Amman Hub. No one understood what this new requirement was all about. KATA loudly protested through formal IATA channels against the short notice provided for what obviously looked like herculean task. Realizing the global pandemonium the announcement had caused, IATA was forced to postpone the enforcement of the new requirements to 31 March 2018 even though kept the implementation date at 1 June 2017.
All travel agents that use any form of payment cards in their business must comply with this new requirement. Even agents that do not have payment cards will have to fill in the Self-Assessment Questionnaires (SAQ) and submit an Attestation of Compliance ( AoC) to IATA.
To begin the compliance, you are required to contact your bank acquirer or card company to determine your level of compliance.
Back to posts articles