IATA Accredited travel agents compliance requirements
Deadline: March 1, 2018
The travel industry has come under repeated and targeted attack from hackers who are increasingly finding opportunities to gain access to significant quantities of card payment data and personal information from customers.
The IATA (International Air Transport Association) is requiring that all of their members achieve and maintain Payment Card Industry Data Security Standard (PCI DSS) compliance as a condition of obtaining and retaining accreditation as an IATA Accredited Agent.
A fully Accredited IATA Agent is a travel agent that sells airline tickets on behalf of IATA member airlines. By complying with PCI DSS, travel companies are taking strides to protect customer data from malicious attackers through better security practices.
What does this mean for you?
By March 2018, agencies must be in compliance with PCI DSS or risk losing their IATA accreditation. IATA has already contacted its members directly to ensure PCI DSS compliant by this date
What do you need to do next?
In order to achieve and maintain PCI DSS compliance all IATA members are required to:
- complete and validate PCI compliance through IATA’s Trustwave portal to achieve certification. If you have already validated PCI Compliance for your business via another PCI Program other than Elavon's, you must supply proof of validation.
- if you have already validated PCI Compliance for your business via another PCI Program, you must supply proof of validation.
Here to help
If you need any assistance, please contact your Elavon Customer Security Consultancy Team PCIEurope@elavon.com