What is PCI Compliance and How are Travelers Affected?
Navigating the world of data security can be confusing. The corporate travel industry has made great strides in security against theft of credit card information, but a breach can still happen. If you work with a business travel provider, do you know how they handle your credit card information? Your partner should make this security a priority for all business travelers. Even though this is a well-known priority, over 38% of all significant security breaches occur within the travel and hospitality industries.
Our travel management company works tirelessly to ensure data is safely stored. PCI DSS (Payment Card Industry Data Security Standard) compliance can influence the relationship between a TMC and its clients, but how?
Business Travelers: What is PCI?
In 2001, Visa created CISP (Cardholder Information Security Program), which, through a joint effort among the credit card companies, is now known as PCI DSS (Payment Card Industry Data Security Standard). PCI DSS, or PCI for short, developed industry standards for providers and merchants to protect cardholder data when stored and transmitted. The TMC and other vendors that you partner with must have this accreditation.
How is Your Travel Management Company Protected?
A firewall is the first step in securing a network and its data. The travel management company’s hosting provider or IT resource should have one in place to protect and create a private network.
Adelman Travel also deploys an intrusion detection system (IDS) with hybrid modeling and Artificial Intelligence (AI) to maximize detection accuracy and minimize computational complexity. Our network and systems are carefully monitored for malicious activity or policy violations. These violations are reported to an administrator or collected centrally using a security information and event management (SIEM) system.
Your account manager should stay in the loop regarding TMC’s firewall configuration and security policy. A policy copy should be readily available and provided if requested. Don’t be afraid to ask how often this security policy is updated.
Very few TMCs still use paper files. However, if your TMC partner still uses these outdated methods, double-check that your information is being warehoused in a safe location with locks. When your credit card numbers change, they need to shred the existing documentation, even if it’s expired.
How Travel Management Companies are Mitigating Data Security Risks
The threat of a security breach for a TMC has a domino effect, exposing massive amounts of data from organizations intertwined with the agency. The hack affects not only the TMC and its clients but also the hotels and other vendors.
Travel management companies were required to be PCI compliant by March 2018, and those that did not implement the proper data security measures may have lost their IATA accreditation. PCI-compliant TMCs typically use an in-house accredited Qualified Security Assessor (QSA) to promptly address new regulations.
Furthermore, some TMCs, including Adelman Travel, have taken the initiative to provide all employees with regular internal training on data security. It is a pillar of Adelman’s culture to maintain the highest business travel service standards, including an ironclad commitment to protecting our clients’ data.
Business Travelers Have Peace of Mind in the Digital Age
Understanding PCI compliance and its impact on corporate travel can help you make informed decisions about your business travel program. Choosing a travel management company that prioritizes data security, such as Adelman Travel, can protect sensitive information.
Your peace of mind is invaluable. By selecting a PCI-compliant TMC, you’re taking a significant step towards safeguarding your business and travelers, empowering you with confidence in your data security. Contact our experienced team today to get started.