March 1 is D-Day

ATTEMPTS by Asata to defer
the deadline date for PCI DSS
(Payment Card Industry Data
Security Standards) compliance in
BSPZA were dismissed at the recent
Passenger Agency Conference (PAConf).
 This means that agents who don’t
comply with PCI DSS requirements are
at risk of being cut off from credit card
ticketing.
“While we will continue to pursue
any other avenues available to us to
request a deferment of compliance
so that we can clarify the existing
conflict in PASA (Payment Association
of South Africa) communication, we
would urge all travel agencies with Iata
licences to proceed with the necessary
steps to ensure their compliance by
March 1, 2018,” says Otto de Vries,
Asata ceo.
Otto says Asata had requested a
deferment at PAConf, but that it had
been defeated during the vote.
He explains that, while PASA states
that recording the card number is
no longer allowed, SA legislation
requires a CCCF in the absence of an
automated solution.
“It becomes proof of the cardholder’s
presence/card authentication in
case of a dispute of the original
transaction,” he says.
According to Otto, PCI DSS
requirements do not forbid the storing
of the card number in a paper or
electronic form. They simply require
that the storage be conducted
securely.
“PCI addresses how this payment
data is retained, not what is retained.
The point we are making pertains to
PASA’s own conflicting communication
around the acceptance of or ban
against CCCFs, and not that we are
seeking a deferment because of a
conflict between PCI DSS and PASA
requirements,” explains Otto.