Why your TMC needs to be aware of the need for PCI DSS compliance


One of the inevitable consequences of the proliferation of digital payment technologies is the rising complexity of regulatory requirements governing digital transactions - a trend to which Travel Management Companies are not immune.

In recent months, many of the logistical difficulties associated with a growing burden of compliance have centred on the Payment Card Industry Data Security Standard (PCI DSS), a series of regulations applied to all organisations accepting or processing payment transactions, including those in the travel industry.

The purpose of PCI DSS is to ensure sufficient standards of security are maintained by every business that stores, processes or transmits cardholder data, but the timescale for implementing these rules has proven a problem for many organisations.

Achieving PCI DSS compliance is a multifaceted process, requiring businesses to ensure cardholder data is stored safely, encrypted properly and protected by firewalls, with access restricted both physically and digitally by allowing only those with the proper identification and clearance to view the data.

The regulations also call for businesses to maintain secure systems and applications, invest in antivirus software and ensure vendor-supplied defaults for system passwords and other security parameters are never used, while carrying out regular testing and monitoring as part of a robust information security policy.

These guidelines have been updated regularly by the PCI Security Standards Council, with the latest version, 3.2, published in April 2016 - but many companies are finding the basics difficult to implement, resulting in several delays to the intended timetable.

Earlier this year, the International Air Transport Association extended the PCI DSS compliance deadline for agents from June 1st 2017 to March 2018. The extension followed feedback from organisations such as the Association of Canadian Travel Agencies, which had expressed concerns on behalf of its members about the feasibility of meeting the original deadline and called for the requirements to be made clearer.

This delay will give TMCs a bit more breathing room, but dedicating the necessary time and resources to getting to grips with PCI DSS remains essential to avoid falling foul of these important regulations - as is working alongside a supplier that is able to offer support with this crucial area of compliance.

For information on how your TMC can automate its mid- and back-office systems with ProTAS, contact ProCon Solution now.

ProCon Solution A/S
Herstedøstervej 27-29
DK-2620 Albertslund
Phone: +45 4363 2266
Email: procon@procon.dk