PCI for Travel Agents – IATA Compliance

The travel industry is by its very nature global, which is why the International Air Transport Association (IATA) exists: to make sure the whole industry, wherever a business is registered or operating, maintains the same standards. Hence PCI for travel agents.

Being IATA accredited gives customers reassurance that their travel agent is legitimate, whilst also allowing them to be safe in the knowledge that their agent will maintain confidentiality, protecting their personal and payment details from theft or fraud, and that bookings will be genuine.

 

PCI for Travel Agents – Payment Handling

Recently, you may recall, IATA issued guidance that all accredited travel agents need to ensure that their payments are processed through PCI DSS (Payment Card Industry Data Security Standard) compliant systems. This is to protect the industry from reputation-damaging employees who may siphon off personal details, and to improve the customer experience by minimising the potential for errors in processing payments.

 

What Makes A System PCI Compliant?

Storage of customer data is fraught with danger. Danger of theft from insider action, and danger of theft from cybercriminals hacking into your databases. Additionally, GDPR regulations mean only the bare minimum amount of data should be kept at any time.

A PCI DSS compliant system removes the ability for third parties to intercept and store card details. Where details do need to be stored, for example for recurring payments or to automatically take future payments, the system needs to have sufficient safeguards that data cannot leak out.

PCI DSS compliance extends past your payment gateway. Choosing to take payments with a PCI compliant provider makes it easier for your agency to meet the compliance standards, but it is still your responsibility to ensure that the whole organisation takes compliance seriously.


Not in Scope – Less to Worry About

PCI DSS only applies to card payments and methods of processing them. In a traditional set-up this would mean all your agents and call centre staff are within the scope of PCI DSS and that’s potentially a lot of weak links.

Callstream’s Vault PCI payment solution removes your call centre from the PCI scope. When prompted, your client is asked to key their card details into the system directly via their keypad. Our system intercepts the DTMF tones and diverts them straight through the payment gateway, so neither the agent nor any call recording software has the ability to eavesdrop on the transaction. Security is improved, as is the customer experience.

Both live agent and automated payments can be taken through the Callstream system, allowing customers to pay instalments towards their final balance without intervention from call centre staff. A dedicated payment line connects directly to Callstream Vault, where details can then be forwarded to the merchant’s payment processing platform through standard secure protocols.

Callstream’s Vault is a cloud-based level 1 approved PCI compliant payment solution which includes PCI compliant call recording. Let us help you protect your company’s reputation and PCI compliance in a simple and cost-effective way that ticks all the boxes.
