Are you ready?

With fraud and hacking costing the industry an estimated $1bn annually and growing, maintaining a set of security standards to combat this criminal activity is critical when dealing with customer credit card information. That is why the Payment Card Industry Data Security Standards (PCI DSS) have been developed. In its latest version, a more secure encryption protocol, Transport Layer Security (TLS) 1.2 or higher, will be required in order to meet the PCI DSS compliance obligations from 30 June 2018.

IATA has also issued a resolution stating that any IATA agent that accepts credit card transactions against its own merchant agreement or issues Billing and Settlement Plan (BSP) card transactions will fall under the PCI DSS compliance obligations. It has stated that failure to comply with these by 01 March 2018 will result in the issuance of an administrative non-compliance and could lead to the removal of card as a form of payment for your agency.

Note: Many applications include free format ‘remarks’ fields. Travelport strongly encourage you not to include details of customers payment cards in these fields, in order not to risk complicance.

Supporting you on your journey towards PCI DSS compliance

We each have responsibilities to ensure compliance with the new PCI DSS standard and IATA resolution. Travelport is serious about data security, so to help facilitate your continued compliance with the new PCI DSS protocol, we will be retiring TLS 1.0 and migrating to TLS 1.2 in all our related product environments . This means you will need to ensure that you are using TLS 1.2  to be ready for the new security standards. .

Please also be aware that you may need to upgrade the version of your Microsoft Operating System, .NET Framework or Internet Explorer from the one you use currently. Access the appropriate links below to learn more.

Maintaining your compliance

To help you meet the criteria for IATA compliance, Travelport has partnered with SecurityMetrics, a leading provider and innovator in data security, who offer PCI DSS Certification services. As a Travelport customer, you can obtain PCI DSS Certification services at preferential rates via our unique referral program.

IATA will require proof of compliance. This is provided as a downloadable certificate as part of the SecurityMetrics service and is accepted by IATA as proof of compliance.

Travelport and PCI DSS compliance

On 07 Feb 2018, Travelport was certified as a PCI 3.2 service provider

For more information on how to ensure that you meet the requirements and deadlines for PCI DSS compliance please read more below.