The Payment Card Industry Data Security Standard (PCI DSS) is a global data security standard that protects payment card information against fraud and theft. Airlines have asked the International Air Transport Association (IATA) to support their own compliance programmes, which is why IATA Accredited Travel Agents now need to become PCI DSS compliant.
“Payment security should be a priority for any organisation, regardless of their industry,” says Chantal Kliche, Retail Manager of Thompsons Travel, Cape Region. “It is vital for organisations to put their customers’ security first and protect themselves through risk mitigation.”
1. What is PCI DSS?
PCI DSS applies to cardholder data: the primary account number (the number printed on the card), the cardholder name, the service code and the expiry date. It also restricts sensitive authentication data such as the card verification code and full magnetic-stripe data, which must never be stored after authorisation. Some of this data can also be personal information as defined by the Protection of Personal Information Act (POPI).
Initially, each card brand ran its own independent security programme to protect the cardholder data that was processed and stored on its behalf. With growing concern about the unauthorised or fraudulent use of cardholder data, the five major card brands (American Express, Discover, JCB, MasterCard and Visa) formed the PCI Security Standards Council (the Council) in 2006. The Council manages and maintains the standard and publishes the guidance that merchants, service providers and other card processors use to handle cardholder information safely.
2. Does PCI DSS apply to you?
PCI DSS applies globally to all merchants and service providers that process, transmit or store debit or credit card information.
Your acquiring bank determines your merchant level and therefore which validation requirements, deadlines and penalties apply to you. Check with your bank, assess your current compliance status without delay and, where necessary, implement internal policies and procedures so that you meet the requirements.
3. What are the compliance objectives?
PCI DSS groups its twelve requirements under six high-level control objectives:
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management programme
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
“If you comply with PCI DSS you will more than likely comply with certain conditions of POPI,” says Kliche. “However, it is important to note that PCI only applies to cardholder data, while POPI applies to personal information at large – a much more significant category of information.”
Thompsons Travel is PCI DSS compliant. Please contact your Account Manager for more information on the steps we have taken to safeguard sensitive cardholder data.