Corporate Travel Management News and Tips

Why PCI Compliance Impacts Travel Agency Clients

February 6, 2018 | Blog, For Travel Managers

When it comes to booking travel, the security of your company’s credit card information falls on your shoulders as a travel manager. The industry is making strides against theft through Payment Card Industry Data Security Standards (PCI DSS). This is a precautionary measure set by large credit card companies to protect this critical, private data.

If you work with a corporate travel services company, do you know how they handle your credit card information?  Your partner should make this security a priority for all its clients. Even with though this is a well-known priority, Verizon states that over 38% of all significant security breaches occur within the travel and hospitality industries. Travel agencies are working tirelessly to ensure their clients’ data is safely stored before they lose their IATA accreditation.

Here’s how PCI compliance can influence the relationship between a travel agency and its clients.

Maintaining a Secure Network

A firewall is the first step in securing a network and its data. The agency’s hosting provider or IT resource needs to put one in place to protect and create a private network. Once everything is set, your travel agent should stay in the loop about the agency’s firewall configuration policy.

Ensure that your agent has changed the vendor-supplied passwords to custom ones as quickly as possible. Don’t be afraid to ask him or her how often they maintain and update passwords. This helps avoid someone apprehending your company’s information if the hacker knows a vendor’s pre-set password.

Protecting What’s Important

It’s no secret that the goal of PCI compliance is to keep consumers’ data safe. As part of this effort, and to be PCI compliant, travel agencies cannot record the CCV security code on a card. This is something that needs to be requested each time a transaction is made on your company’s card.

Ask your travel company the method in which they store your credit card information. It’s likely that they have a CRM where all their clients’ private data is stored. Their platform should have a strong, unique password. If they use a computer hard drive-based platform, it needs to be encrypted. That way, it’ll be unreadable and unusable to an intruder without cryptographic keys.

Should your travel company go the old fashion route of paper files, double check that your information is being warehoused in a safe location with locks. When your credit card numbers change, they need to shred the existing documentation, even if it’s expired.

What Travel Agencies Are Doing to Alleviate The Threat

The threat of a security breach for an agency has a domino effect, exposing mass amounts of data from organizations that are intertwined with the agency. The hack doesn’t just affect the travel agency and its clients but also the hotels and other services utilized during the booking process.

Large travel companies who are adamant about being PCI compliant typically lean on an in-house, accredited Qualified Security Assessor (QSA). Whether it’s an internal team or an external consultant, the travel company should be in conversation with a QSA to ensure it is compliant. If an agency chooses not to abide by this new security measure, it will risk losing its IATA accreditation as of March 2018.

Don’t let the fear of PCI DSS compliance stop you from working with a travel agency. Adelman Travel is proud to offer a proprietary tool that ensures all transactions are PCI compliant. We have provided corporate travel services for over three decades to clients of all sizes. Give us a call today at 800-248-5562 to get started on planning your next corporate trip.

Resources