IATA’S Passenger Agency
Conference Steering
Group has approved the
postponement of Payment
Card Industry (PCI) Data
Security Standard (DSS)
compliance in BSPZA until
March 2018.
Last month Iata
announced that agencies
operating within the BSP
that did not adhere to PCI
security standards (which
primarily have to do with
the protection of sensitive
cardholder information) by
June 1, stood to lose their
Iata accreditation (see TNW
March 8).
Because the process of
becoming compliant with
the PCI DSS framework is
complex and lengthy, Iata
will not proactively enforce
compliance at this stage.
For the time being,
agencies are not required
to submit any evidence of
PCI DSS compliance and
agencies will be advised
when this evidence is
required and how it can be
provided to Iata, including
the applicable timeframe, a
spokesperson said.
The new deadline for
compliance aligns with the
planned implementation
date for Iata’s proposed
new settlement system,
NewGen ISS, and agents
need to note that under the
NewGen ISS programme
they will need to be PCI
DSS compliant to have
access to credit cards as
a form of payment. Being
PCI DSS compliant will be
a mandatory condition to
obtain and retain status as
an Iata Accredited Agent.
Iata extends PCI DSS deadline
Comments | 0
