Corporate Travel Management News and Tips

What is PCI Compliance and How are Travelers Affected?

February 14, 2019 | Blog, For Travel Managers, For Travelers

Navigating the world of data security can be confusing. The travel industry has made great strides in protecting credit card information against theft, but a breach can still happen. If you work with a corporate travel services company, do you know how it handles your credit card information? Your partner should make this security a priority for all its clients. Even though this is a well-known priority, over 38% of all significant security breaches occur within the travel and hospitality industries.* Travel management companies (TMCs), like Adelman, work tirelessly to ensure data is safely stored. PCI DSS (Payment Card Industry Data Security Standard) compliance can influence the relationship between a TMC and its clients, but how?

First of all, what is PCI?
In 2001, Visa created CISP (Cardholder Information Security Program), which, through a joint effort among the credit card companies, is now known as PCI DSS (Payment Card Industry Data Security Standard). PCI DSS, or PCI for short, sets industry standards for providers and merchants to make sure that cardholder data is protected when stored and transmitted. It is imperative that the TMC and other vendors that you partner with have this accreditation.

How is your TMC protected?
A firewall is the first step in securing a network and its data. The travel management company’s hosting provider or IT resource should have one in place to protect and create a private network. Adelman also deploys an intrusion detection system (IDS) with hybrid modeling and artificial intelligence (AI) to maximize detection accuracy and minimize computational complexity. Our network and systems are carefully monitored for malicious activity or policy violations. These violations are reported either to an administrator or collected centrally using a security information and event management (SIEM) system.

Your account manager should stay in the loop about the TMC’s firewall configuration and security policy. A copy of that policy should be readily available on request. Don’t be afraid to ask how often this security policy is updated.

There are very few TMCs still operating with paper files; however, if your TMC partner is still using these outdated methods, double-check that your information is being warehoused in a safe location with locks. When your credit card numbers change, they need to shred the existing documentation, even if it’s expired.

How TMCs are mitigating data security risks
A security breach at a TMC has a domino effect, exposing massive amounts of data from organizations that are intertwined with the agency. The hack doesn’t just affect the TMC and its clients but also the hotels and other vendors.

TMCs were required to be PCI compliant by March of 2018, and those that did not put the proper data security measures in place may have lost their IATA accreditation. TMCs that are PCI compliant typically lean on an in-house, accredited Qualified Security Assessor (QSA). This ensures that any new regulations are promptly addressed. Furthermore, some TMCs, like Adelman, have taken to providing regular, internal training on data security for all employees. It is a pillar of Adelman’s culture to maintain the highest service standards, and this absolutely includes an ironclad commitment to our clients’ data protection.

Adelman is proud to offer a proprietary tool that ensures all transactions are PCI compliant. We have provided corporate travel services for over three decades to clients of all sizes. Give us a call today at 800-248-5562 to get started on planning your next corporate trip.

*According to https://www.researchgate.net/publication/324455350_2018_Verizon_Data_Breach_Investigations_Report
