PCI DSS for IATA Travel Agencies

Intro

The International Air Transport Association (IATA) now requires certified travel agencies to comply with the PCI Data Security Standard (PCI DSS) to protect payment data. The requirement was first introduced in February 2017 with a deadline of 1 June 2017; IATA has since postponed the mandatory requirement to 1 March 2018 (source: IATA).

Why is IATA enforcing PCI DSS on all accredited travel agencies?

The carriers required IATA to support its internal compliance project by making the BSP card sales channel PCI DSS compliant. This is why IATA-certified travel agents now need to become PCI DSS compliant.
BSP is a system designed to facilitate and simplify the sales, reporting, and transfer procedures for IATA-approved passenger sales agents, as well as improve the financial control and cash flow of BSP Airlines. Billing Settlement Payments (BSP) is found in nearly 180 countries and territories. The system currently serves more than 370 participating airlines with an on-time settlement rate of 99.999%. In 2017, IATA’s BSP processed $236.3 billion.

What is PCI DSS?

The Payment Card Industry (PCI) Security Standards Council is responsible for managing the security standards for the payment card industry. There are 5 main payment card brands that took part in the creation of this Council: American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.

How can travel agencies in Saudi Arabia become PCI DSS compliant?

There are 3 steps to reach compliance:

1. Assess

  • Identification of cardholder information
  • Taking an inventory of IT assets and business processes for payment card processing.
  • Analysis of vulnerabilities

2. Remediate

  • Fixing the vulnerabilities
  • Eliminating the storage of cardholder data unless absolutely necessary

3. Report

  • Compiling and submitting required reports to the appropriate acquiring bank and card

How Daam Al Arabia can help you:

Earning PCI DSS Level 1 Certification

Want to learn more about earning your PCI DSS Level 1 Certification? Contact one of our PCI DSS experts today.

We conduct a thorough assessment of your current payment processing systems to identify any gaps or vulnerabilities in relation to PCI DSS Level 1 requirements. This includes reviewing your network architecture, data flow, and existing security measures.

Our team performs comprehensive vulnerability scans to identify potential weaknesses in your systems. These scans help ensure that all areas are secure against known threats and vulnerabilities.

We simulate real-world attacks on your payment systems through rigorous penetration testing. This proactive approach assesses the effectiveness of your security measures and uncovers any exploitable vulnerabilities.

We assist in creating and organizing all necessary compliance documentation required for PCI DSS Level 1. Additionally, we prepare your organization for annual audits, ensuring that all processes are well-documented and ready for review.

Our PCI DSS Level 1 Services

Earn your PCI DSS Level 1 certification and start your path towards secure payment processing. Contact one of our PCI DSS experts today.
