From March 1, 2018, Iata Accredited Travel Agents will need to comply with PCI DSS – the global data security standard designed to protect confidential payment card information against theft.
Compliance will be a mandatory condition to obtain and retain accreditation as an Iata Accredited Agent. The initial compliance date was set for June last year, but according to reports, the Association of Canadian Travel Agencies pushed Iata to delay the deadline until March 1, 2018 as it said its members needed more time and clarity around compliance requirements.
A full accredited agent is a travel agent that sells airline tickets on behalf of Iata member airlines, and failure to hit the deadline could result in them losing their membership.
According to cyber security specialist Foregenix, agents are “racing against time to meet the deadline”.
Travel industry and compliance specialist Richard Jones said: “The industry is served by many thousands of travel agents, the majority of whom are facing the PCI DSS challenge for the first time under the Iata mandate.”
The Payment Card Industry (PCI) Security Standards Council is responsible for managing the security standards for the payment card industry. There are five payment card brands which took part in the creation of the council: American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.
Agents can find out more on Iata’s website.