PCI DSS for IATA Travel Agencies

The International Air Transport Association (IATA) now requires certified travel agencies to comply with the PCI Data Security Standard (PCI DSS) to protect payment data.
It was first introduced in February 2017 with a deadline of 1 June 2017, then the mandatory requirement has been postponed to 1 March 2018 by IATA source.

Why is IATA enforcing PCI DSS to all accredited travel agencies?


The carriers required IATA to support its internal compliance project by making the BSP card sales channel PCI DSS compliant. This is why IATA-certified travel agents now need to become PCI DSS compliant.
BSP is a system designed to facilitate and simplify the sales, reporting, and transfer procedures for IATA-approved passenger sales agents, as well as improve the financial control and cash flow of BSP Airlines. Billing Settlement Payments (BSP) is found in nearly 180 countries and territories. The system currently serves more than 370 participating airlines with an on-time settlement rate of 99.999%. In 2017, IATA's BSP processed $236.3 billion.


What is PCI DSS?


The Payment Card Industry (PCI) Security Standards Council is responsible for managing the security standards for the payment card industry. There are 5 main payment card brands that took part in the creation of this Council: American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.

How travel agencies in Saudi Arabia can become PCI DSS compliant?

There are 3 steps to reach compliance:

ARR1. Assess

  •  Identification of cardholder information.
  •  Taking an inventory of IT assets and business processes for payment card processing.
  •  Analysis of vulnerabilities..

2. Remediate

  •  Fixing the vulnerabilities.
  •  Eliminating the storage of cardholder data unless absolutely necessary.

3. Report

  •  Compiling and submitting required reports to the appropriate acquiring bank and card brands.


How Daam Al-Arabia can help you?

Our security experts at Daam Al-Arabia can help you select the right SAQ for your business and get your PCI DSS certificate quickly.
We also offer robust, cost-effective, PCI DSS approved solutions:

  •  Conducting security assessments.
  •  Vulnerabilities scan, PCI DSS approved.
  •  Penetration tests.


Our wide range of services will not only help you prepare for PCI DSS compliance but will improve the overall security of your organization.


Consult An Expert

Joomla forms builder by JoomlaShine

Daam Al-Arabia

Our Experts Always Here to Help You.

Ask an Expert Now