Juggling tech and law to combat cyber crime
WHILE technology
improves the way
travel agents work
by streamlining enquiries,
bookings, communication and
more, it comes with significant
risk. Travellers are increasingly
aware of the vulnerability that
comes with handing over
personal information and it’s
up to the trade to ensure their
clients’ data is as secure as
possible.
Anita Parent, ceo of software
solutions and technology
consultancy, Alchimea, says
there was an average of
200 000 daily cyber-attacks
globally in 2016 – a number
believed to have increased
substantially last year.
“Agencies need to adopt
security measures to ensure
their customers’ data is
safe and at no risk of being
hacked,” she says.
Melissa Nortje, executive
head of Strategy, Development
& Marketing at First Car
Rental, says the travel and
tourism industry is one of the
10 markets most targeted
for cyber security weakness.
“Card payments and data
sharing within this industry
have been under scrutiny
for years as cyber-attacks,
phishing scams and data
breaches become more
sophisticated. South Africa
is an entrepreneurial country
and therefore a high target for
criminals,” she says.
“In the ever-changing world
of technology, our customers
are becoming more aware of
what information they give us
and how we look after their
data,” says Bonnie Smith,
Flight Centre Travel Group gm
Technology. “People have the
right to own their information
and know that it will only be
used for the purpose that they
have agreed to.”
There are two components
that assist in making this
possible: technology and
legislation. Asata ceo, Otto
de Vries, says they go hand in
hand. “Legislation is a legal
tool that enforces compliance,
while technology is an enabler
of that legislation.” He adds
that technology should be
leveraged in the right way
to ensure data is collected,
stored and distributed in a
secure manner.
“Uniform application of
legislation that protects
consumers will help our
industry,” says Mladen Lukic,
gm of Travel Counsellors. He
says it accelerates removal
of or changes to legacy
processes, such as the
charge-back, and brings the
local industry in line with the
rest of the world.
The most recent regulations
affecting data security
include the SA Protection of
Personal Information (POPI)
Act and the Iata requirement
for Payment Card Industry
Data Security Standard (PCI
DSS) compliance. With the
implementation of PCI DSS
mere weeks away it is top of
mind for most in the trade.
Jannine Adams, senior
marketing manager at
Amadeus, says travel agents
need to understand that
whichever system or provider
they use to process credit card
details, it needs to be PCI DSS
compliant. She says all backoffice
accounting applications
and online payment gateways
and B2B wallets have to be
PCI DSS verified too.
Mladen says the SA travel
industry lags behind the rest
of the world in implementation
of PCI-compliant merchant
legislation and 3D secure
payment solutions.
However, Otto says meeting
PCI DSS requirements in
a business environment is
a global challenge. “This
was even echoed by one
director of the PCI DSS
Council who admitted that
travel was one of the most
complex industries in terms
of data collection, storage and
transmission because of the
amount of data we work with.
There’s certainly a disparity
in terms of technology and
how it is used in business
environments worldwide,
but we are not experiencing
anything different in terms of
there being challenges to its
implementation in the travel
industry. Of course, these
challenges differ depending on
the country,” he explains.
Otto says agents who are
compliant in both POPI and PCI
DSS, will show customers that
they are professional and
abide by the laws of the
land, revealing their value in
a confident and trustworthy
manner.
Wally Gaynor, Club Travel
md, says technology needs to
be the driver of data security.
“South Africa is very good
at introducing legislation,
often just copied from some
First World [country] but
with no means to police the
legislation.”
Mladen adds that once PCI
DSS is implemented and
policed fully, no travel agent
will exist without technology
that supports all the latest
security protocols.
Jannine advises agents to
look at their own environment
to assess whether they’re
using the latest, updated
browsers, most up-to-date
software applications and an
adequate firewall.
“These steps are part of the
PCI DSS process that travel
agents need to put in place.”
Technology, according to
Bonnie, provides a very secure
way to receive, transmit and
store data.
“Technology can be
developed and adapted to
new concepts and needs for a
business. Business can adapt
a technology and streamline
various processes to reduce
the human interaction with
sensitive data.
“Data can be encrypted and
decrypted as the need arises,”
she says.
Still more to be done
Despite the progress being
made to protect sensitive
information, Mladen
highlights two main areas
where vulnerabilities still
exist.
External stakeholders,
such as banks, airlines
and other suppliers, use
outdated procedures that
require or promote non-PCI
access to physical card
data. His second concern
relates to syndication
where a vendor enables,
and in some instances
promotes, co-operation
with a third party but
doesn’t manage and/or
monitor that party’s PCI
compliance.
Bonnie says the travel
industry needs to set
guidelines for receiving and
managing sensitive data.
“Individuals and business
units should be educated
by travel companies and
travel agents on how to
handle and process data.”
She adds that travel
companies need to find
more secure ways to
conduct business with the
private sector, which, in
turn, needs to adapt to new
concepts and technology.
“This is an ongoing
discussion between
travel and private sector.
Assistance with guidelines
and processes needs to be
provided by Iata and Asata
for hotels, lodges and
airlines,” she says.
Wally believes the local
travel industry is very alert
to issues such as credit
card fraud and scams
because of their prevalence
in the market, but is less
so when it comes to the
potential of big data theft
and hacking.
Are you taking full advantage of technology?
“WE ARE in the age of
technology and any business
not adopting technology
in one way or another will
not survive long,” says
Alchimea’s Anita Parent.
She says implementing
the right technology can
reduce costs, increase your
customer base and help your
business grow. Agentivity
ceo, Riaan van Schoor, says
agents are continuously
under pressure to provide
more services for lower
fees and margins. Using
technology to lower costs is
not as complicated or out of
reach as some might think.
Anita believes the areas
travel agencies should
focus on include data
security, automation, content
sourcing and client valueadds.
“Customers will
change agencies for the
right technology experience.
Agencies could have a
massive financial loss if data
is breached, consultants
will leave agencies if
processes are inefficient and
restrictive, and running costs
will increase if there is no
automation,” she points out.
According to Riaan, many
travel companies are lacking
the technology to provide
a proper view on their
businesses, so they can
make educated and informed
decisions. “Most agents rely
heavily on reporting from
their back-office, which is a
small representation of what
is actually going on in the
agency.”
He adds that tech products
such as Agentivity level the
playing fields by making it
possible for any agency,
irrespective of size or
affiliation, to have the tools
in place to take care of the
headaches and allow them
to focus on growing their
business.
Anita concludes: “If
agents have not yet adopted
technology, now is the time
to do it. Technology moves
fast and waiting will result in
agents being left behind.
Secure your data
Alchimea’s Anita Parent
highlights some key musthaves
for a good data
storage plan:
Strong password
policies;
Up-to-date and
monitored firewalls;
Anti-virus applications;
Malware detection
systems;
Strict laptop policies
for data transported
outside of your
environment;
Back-up security;
Annual vulnerability
tests;
Access control to data.
Anita cautions that
agencies are regularly
defrauded by “someone
on the inside”. She
advises having good
software that monitors
and restricts access to
the data, in addition to
a data storage plan to
ensure customer data is
secured on all fronts.
Be in the know
WHILE it’s important
for agencies to invest
in the latest available
technology, it is equally
vital that consultants
have the knowledge and
skills to use it correctly.
“One of the main
obstacles today is the
lack of knowledge on the
topic of data security. The
first line of defence in
protecting your company
from data breaches and
cyber-crime are your staff
members,” says Jannine
Adams at Amadeus. She
believes if staff are aware
and educated on the
topic of cyber security,
they can prevent attacks
from happening.
“Staying up to date
in an industry that’s
constantly shifting isn’t
easy, but being aware
of changes as they’re
happening can keep you
ahead of the curve,” says
Alchimea’s Anita Parent.
She adds that there is
not as much of a focus
on technology in Africa as
there is in the rest of the
world.
She identifies two
knowledge gaps in the
industry, specific to
the region: sourcing
good content and the
availability of technology.
“Most agencies believe
good content is only
available on the GDS.
That may have been true
in the past, but with Iata
introducing NDC and
direct connects, agents
now have the ability
to source fares from
multiple sources, allowing
them to offer customers
the best fare. Agencies
need to be on top of all
sourcing options.”
Anita says Alchimea
is working with
consolidators and GDS
content to provide
a sourcing platform
integrated into agencies’
operational processes.
Larger agencies, she
says, are usually aware of
the technology available
to the industry because
they travel to other
countries and attend
large travel technology
expos. Smaller agencies,
however, seem to be
unaware of what’s out
there. “There is this
perception that to get the
technology, you need to
spend large amounts of
money.”
Bridging the gap
To keep up with industry
challenges, opportunities
and trends, Anita advises
agencies to subscribe to
travel technology trade
journals and follow travel
technology handles on
social media.
Amadeus, says Jannine,
believes education and
communication are crucial
to combat data security
issues, which is why it
hosted a cyber security
workshop for the travel
trade last year. “If you
can educate your staff,
you can eliminate 90% of
the problems. Employees
need to know they have to
flag any suspicious looking
mails or transactions to
management immediately
to minimise the risk of
cyber-attacks,” she says.
Travel Counsellors,
says gm, Mladen Lukic,
develops technology
to promote seamless
integration with all
business processes. “Our
tech is developed by travel
agents for travel agents.
A 24/7 IT helpdesk and
continuous self-paced and
assisted training ensures
all Travel Counsellors are
always on top of all the
systems they use.”
Bonnie Smith, Flight
Centre Travel Group gm
Technology, says the group
offers consultants the
opportunity to operate
with new technologies.
She explains: “We
provide training on these
technologies through our
product help desk and
technology team.”
Gaps identified where
consultants could benefit
from training include basic
security of personal data
and accounts, she says,
pointing out that a general
lack of understanding
of technology across all
employees in the group is
still a concern. However,
with face-to-face and
e-learning the gap is being
closed.
New developments
IN THE next quarter,
Alchimea will be releasing
some exciting products,
services and improvements
to assist travel agencies.
Agents will soon have
the ability to source GDS
and NDC content with
Alchimea. “This content
will be fully integrated into
the product suite, allowing
automation of fees, markups,
best price locating
and more,” says Anita
Parent.
Another development
nearing completion
relates to PCI DSS
compliance. Anita explains
that Alchimea’s cloud
environment is in the final
stages of the PCI DSS
assessment and will be
ready to market in time
for the deadline. Further,
Alchimea’s applications
and cloud will be enhanced
to cater for the EU GDPR
legislation going live on
May 25. “This legislation
will affect any agency that
stores data of any EU
citizen,” explains Anita.
TC puts customers first
TRAVEL Counsellors’ recently
launched custom-designed
CRM platform boasts
features that enable Travel
Counsellors to seamlessly
and securely store customer
data and deliver bespoke,
personalised marketing to
each of their clients.
“For us, technology is
just one aspect that helps
us care even more,” says
Travel Counsellors md, Steve
Byrne.
“Our business model is
based on always putting the
customer first, and creating
personalised, authentic
experiences by using our
technology to tailor-make
something they simply could
not get anywhere else.
Crucial to this is that we
keep in close contact with
our customers to build strong
relationships that last long
after the booking.”
Artificial intelligence to play bigger role
EXPEDIA’S business travel
arm, Egencia, is anticipating
artificial intelligence (AI) to
play an even bigger role in
business travel in 2018 with
messaging, voice search and
bots active in surfing and
booking habits.
Senior director: product
marketing at Egencia, Jean
Noel Lau Keng Lun, says
by blending human and
AI-powered technology, TMCs
will be able to provide what
he calls an unprecedented
combination of convenience
and contextual relevance.
“One example is chat-powered
customer service, which we
expect to become integral to
travel planning,” he says.
Many industry forecasts for
2018 predict personalisation
as one of the major desires
of business travellers, and
Egencia believes, with the
emerging AI, technologies
will cater for this need. “This
is where AI provides real
value,” says Jean Noel. “It can
analyse huge amounts of data
and determine patterns to
give more personalised search
results, improving the booking
experiences.”
The range of apps and
software that currently
bring personalisation to the
business traveller are only
scratching the surface of
what AI is capable of. 2018
will hopefully see these
technologies evolving further.
The use of home-sharing
services is also on the rise
among business travellers.
Egencia’s 4th Business
Travel and Technology Survey
showed that this trend was
emerging due to business
travellers wishing to extend
their trips for a leisure break.
TripAdvisor and Airbnb are
also capitalising on the trend
by catering for, not only homesharing,
but adventure and
leisure bookings too.
ATAN alerts travellers to flight changes
KEEP an eye out for the
soon-to-be-released Amadeus
Travel Alerts Notifier (ATAN),
which will make it easier to
keep clients updated on any
changes to their travel plans
at any time during their trip.
According to research,
more than 80% of
passengers want to be
informed by airlines and
airports throughout their
journey. ATAN sends instant
automated alerts of any
changes to their travel
plans. It provides several
different alerts
without any
intervention
from the
agent. These
are sent via SMS
or email for flight
updates, waitlist
confirmation,
re-seating,
cancellation as well
as airport changes
such as boarding
gate, baggage
carousel, terminal
change or delay.
