ASATA and ABTA affiliation key for TMC selection

South African corporates have placed ASATA and ABTA membership as a top consideration when selecting a TMC partner.

According to a recent joint ABTA-ASATA survey conducted among South African corporates, some 96% of corporates said that ASATA membership is important to non-negotiable when selecting a TMC to service their account. In addition, 82% of corporates cited ABTA membership as an important factor.

At least 70% of those corporates surveyed further indicated that if a TMC was not an accredited ASATA member, they would not be allowed to tender for their company’s business.

In order of priority, respondents also listed the criteria most important to the service received from their ASATA-accredited TMC as being:

  1. Achieving value for money and savings
  2. Transparency and Trust
  3. Professionalism
  4. Sound business practices
  5. Expert guidance

Both Associations represent professionalism in our industry and are benchmarks for travel buyers when considering the appointment of a TMC, says Otto de Vries, CEO ASATA.

ABTA founder, Monique Swart, highlights the reputation that ABTA and ASATA have within the corporate travel sector. “Travel buyers trust these two bodies do a great deal to elevate the level of the industry across South Africa.”

The successful collaboration between ASATA and ABTA is adding meaningful value to the industry, which “further highlights the message of engaging with industry professionals that are members of our associations.”

Respondents to the survey say these are the greatest benefits of ASATA:

  • 81% believe the association ensures credibility of the industry
  • 63% indicate that ASATA ensures the professionalism of the industry.

“I think there is still a lot of work to do, but the synergies between both Associations are vast and thus the collaboration makes perfect sense for most industry professionals,” explains de Vries.

“Our vision is to improve communication and the business relationships between TMCs and travel buyers. With ASATA’s focus on the TMC community and ABTA’s strong corporate following, combining our efforts to bring these two sectors together more regularly and encouraging meaningful interactions like the ABTA/ASATA focus group recently, will see that these objectives are far more likely to be reached,” concludes Swart.

Options for Industry Regulation on the table

The question of regulation received a great deal of airtime at the recent ASATA conference with EXP Regulatory Compliance Consulting providing feedback on a research study into the merits of South Africa’s travel sector becoming regulated.

At the heart of regulation is the need to protect consumers, not only from the standpoint of regulating consultants in their individual capacity, but also TMCs and travel agencies.

EXP Regulatory Compliance Consulting has examined regulation within five other South African industries, as well as regulation within the travel industry in six other countries.

The results have revealed that all of the reviewed overseas travel agency representative bodies are voluntary, but that these have a very high average industry representation. This is achieved by:

  1. Commercial force: Customers and travel service providers will only trade with members, because membership is synonymous with quality.
  2. Value in representation: Effective industry representation with government and other industry stakeholders.
  3. Added Services: Training on how to run a successful business, business tools info and advice, alternative dispute resolution, marketing and network opportunities.

At least 10 out of the 11 bodies studied have accreditation criteria to become a member, these include:

  • Fit and proper requirements (e.g. trade references, background checks)
  • Adherence to the body’s code of conduct
  • A trust account for funds belonging to consumers and service providers
  • Membership of a Travel Guarantee Fund or proof of insurance to protect funds belonging to consumers and service providers against fraud or bankruptcy
  • Customer support and complaints management policies and procedures
  • Accreditation may require that all, or a % of travel agents, must hold a designation
  • Some or all travel agents must have a certain number of years’ experience

The South African bodies that have been interviewed have cautioned against the following:

  1. Beware of anti-competitive behavior
  2. Statutory reforms are slow and labour intensive (and government is in flux)
  3. Litigation against voluntary bodies (typically brought by non-members) can sink them
  4. The implications (and, by implication, the benefits) of accreditation as an industry ombudsman in terms of the Consumer Protection Act is currently under consideration by our courts
  5. Formal dispute resolution by industry bodies can be expensive to administrate

Various options are possible in the travel sector space:

slide 15

EXP Regulatory Compliance Consulting will continue their research and stakeholder inputs over the next few months.

Workshops will be held in Cape Town, Durban and Johannesburg for members to provide input, and a survey will be distributed thereafter. After recommendations are presented to the board, voting on the options available will take place at the AGM on 28 September.

This is your chance as a member of South Africa’s travel sector to make your views on regulation heard by attending these workshops, taking part in the survey and voting at the AGM. You are also welcome to provide any other feedback, concerns and suggestions to

Protect your travel agency! Cyber Attacks hit SA!

A cyber security expert has warned that a global cyber ransom attack has spread to South Africa this week.

”We need people to understand that they must not open mail or attachments from senders they do not know,” Roi Shaposhnik of Johannesburg-based Gold N’ Links Cyber, was quoted in News24.

Describing it as the biggest cyber-attack in history, Shaposhnik said syndicates around the world targeted a weak spot in Microsoft security updates which lead to a massive crash. This type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data.

Microsoft released a patch (software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

The ransomware demands users pay $300 (R3 924) worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.

How can you protect your computer and your travel agency from cyber-attacks and hackers?

  1. Be careful on social media

Shaposhnik warns people should be cautious on social media because it is not uncommon to track Twitter or Facebook posts to tailor an attack on those platforms. He urged Facebook and Twitter users to keep their accounts closed to all but friends they know, and to not open links from unknown sources.

  1. Be wary of unknown e-mails

Everyone should take extra precaution when opening emails from unfamiliar senders. This includes coupons, vouchers and any discount emails that you were not previously aware of.

  1. Get knowledgeable

Educating the entire company on the different types of cyber risks (e.g. spearphishing, vishing, typosquatting, etc.) goes a long way to protecting your travel agency. This training should be ongoing, as the security threat landscape is constantly changing.

  1. Create SOPs

Create standard operating procedures (SOPs) to minimise the threat of phishing scams and to identify legitimate requests.

  1. Install spam filters

Have strong spam filters in place to minimise inbound malicious emails.

  1. Update software

Keep anti-virus software and firewalls updated 24/7 since hackers are always looking for new ways to infiltrate your computer and network.

  1. Conduct tests

Conduct random testing with mock phishing scenarios.

  1. Back up regularly

Be sure to backup on a regular basis to ensure you always have your files stored on the cloud or an extra external platform.

Social Media

US Social Media Hype: Here’s what you need to know!

Reports about the US asking visa applicants for social media passwords have been rife in the media during the past few weeks. Although there are several changes planned for the US visa procedures, be aware of the danger of sensationalism and fake news.

Here’s what to tell your customers:

The US State Department is indeed planning to tighten visa procedures and has officially asked for public comments on its proposal.

The Department proposes requesting the following information, if not already included in a visa application, from a certain number of visa applicants worldwide:

  • Travel history during the last fifteen years, including source of funding for travel;
  • Address history during the last fifteen years;
  • Employment history during the last fifteen years;
  • All passport numbers and country of issuance held by the applicant;
  • Names and dates of birth for all siblings;
  • Name and dates of birth for all children;
  • Names and dates of birth for all current and former spouses, or civil or domestic partners;
  • Social media platforms and identifiers, also known as handles, used during the last five years; and
  • Phone numbers and email addresses used during the last five years.

The reason the US wants to collect this information is to ‘more rigorously evaluate applicants for terrorism or other national security-related visa ineligibilities’.

The Department has pointed out that most of this information is already collected on visa applications but for a shorter time period, e.g. five years rather than fifteen years.

Requests for names and dates of birth of siblings and, for some applicants, children are new. The request for social media identifiers and associated platforms is new for the Department of State, although it is already collected on a voluntary basis by the Department of Homeland Security (DHS) for certain individuals.

The Department further said visas may not be denied on the basis of race, religion, ethnicity, national origin, political views, gender, or sexual orientation.

visa europe

Take Note! Australia implements visa changes

Australia’s Department of Immigration and Border Protection has announced some changes that might impact on South Africans applying to travel to Australia.

Debit/Credit Payment now accepted at TLScontact South Africa

To assist applicants and agents in making visa application to Australia, all TLScontact Australian Visa Application Centres in South Africa will begin accepting debit and credit card payments for the visa application charge from 1 May 2017.

The debit and credit payment option is a safer, more efficient method of payment, where you or your clients will no longer be required to bring significant amounts of cash when lodging their visa application at TLScontact.

TLScontact will continue to offer the cash payment option at all locations.

Booking Biometric Appointments with TLS

Australia’s Department of Immigration and Border Protection has received a number of complaints from agents who are having difficulty booking appointments with TLScontact for their clients to provide biometrics, with some locations waiting up to a week before the next available appointment.

When booking an appointment through TLS and completing Step 1 – Form Filling, travel agents are advised to choose Biometric Enrolment when completing the Visa Type & Travel Purpose field. TLScontact uses two separate appointment schedules, with many more appointments slots available for those undertaking the quick biometric enrolment compared with the other options for those submitting full visa applications.

Watch out for these common Mistakes in Applications

Travel agents have been strong adopters lodging through the preferred method of online lodgement via ImmiAccount. This online lodgement portal will continue to be expanded to more visa types as part of the Departments’ digital transformation strategy.

While this online system has helped reduce the processing times for visa applicants, there continue to be several steps applicants and migration agents can ensure their clients application has been fully completed to further reduce these times.

Below is a list of the most common reasons for a delay in visa processing:

  • Biometrics not undertaken: The biggest delay in processing times for most visitor visa applications is due to the applicant not undertaking biometrics at a TLScontact Visa Application Centre within requested timeframe. Please encourage your clients to provide biometrics at the earliest opportunity.
  • Visa Validity vs. Period of Stay: A number of applicants and agents routinely confuse the visa validity (how long the visa for travellers is valid until) with the proposed period of stay (how long the applicant plans to stay in Australia for any one trip). Proposed periods of stay longer than 3 months will trigger health requirements for their application, which create unnecessary cost burdens and delay processing times while this is identified.
  • Under 18’s travelling without parent(s): Where children under 18 years of age intend to travel to Australia, any non-accompanying parent(s) or person(s) with parental responsibility are required to sign a consent form to give permission for the child/children. Form 1229: Consent to grant an Australian visa to a child under the age of 18 years must be completed and attached to the application. Form 1257 Undertaking Declaration must also be completed.
  • Health Requirements: most visa applicants are required to meet certain minimum health standards to be granted a visa. All permanent, provisional and certain temporary visa applicants are required to complete health examinations as part of the visa application process to determine if they meet the health requirement.
  • Over 75: visitor visa applicants over 75 years old will require to undergo a medical examination from the Panel Doctor and acquire Travel Insurance covering the period of their proposed stay in Australia. Please note that if the applicant intends to visit Australia for more than 6 months a chest x-ray will also be required.
  • Entering a Hospital: visa applicants who are likely to enter a hospital or health care environment which includes a palliative facility while in Australia will be asked to undergo full health examinations i.e. a medical examination and a chest x-rays with Australian Panel Doctors. This includes travelling to attend births or visiting unwell family and friends.
  • Undertaking Health Prior to Lodgement: if your client already knows that the visa that they want to apply for requires a medical examination, or they have a compassionate/compelling application and will be likely be entering a health care facility during their visit, travel agents should advise them to undertake their full medical examinations (medical and chest x-ray at our panel doctors) before lodging a visa application. This HAP number needs to be included on the on-line application under the question “have you completed a health care examination in the past 12 months.” The HAP number also needs to be given to the doctor when you make your appointment. More information and obtaining a HAP ID can be found at Health Declarations
  • Ensure all declarations are signed: Particularly for travel/migration agents please ensure Form 956 – Authorised Recipient has been completed in full.
tick tock

POPI Act – the clock is ticking…

The clock is ticking on the new POPI Act. And although the effective commencement date of this new act remains unclear, it is important for travel agents to be prepared and make POPI a priority in 2017.

Here’s what you need to know:

When is the POPI commencement date?

Nobody knows for sure. The President needs to proclaim the exact date.

According to law firm Michalsons, POPI is expected to commence by 24 May 2017 with a one-year grace period.

“This will mean that by 24 May 2018, you must comply with these privacy and data protection laws, whichever applies to you,” John Giles, a legal advisor at Michalsons, was quoted as saying. “There is no time to lose and much of the hard work needs to be done in 2017, especially the implementation action items.”

What is it exactly?

POPI regulates the manner in which personal information may be processed and provides rights and remedies to protect personal information.

Does it apply to travel agents?

The Act applies to every business that processes (collects, disseminates or merges) personal information (passport numbers, names, phone numbers, race, gender, etc.) and special personal information of the ‘data subject’ (client) ‘entered into a record’ (such as e-mails and hard copies) by or for a responsible person (the travel agent) who determines the purpose and means of such processing (to book flights, hotels, car rental).

How will POPI be policed?

The Act has its very own regulator, which was established in December 2016.

The regulator has extensive powers to investigate and fine responsible parties. Fines can range up to R10m and jail sentences of up to 10 years.  Consumers will be able to complain to the Information Regulator and it will be able to take action on behalf of consumers.

The regulator can demand access to a travel agent’s premises to conduct an investigation. He/she can search the premises, inspect, examine, operate and test equipment used to process information. He/she can also stop a travel agent from processing information, which will effectively mean the travel agent will have to close its doors.

For more information on the POPI regulator, the government has established a new website in February 2017:

What should travel agents start doing and when?

Even though the commencement date has not been set yet, travel agents should start getting retting to comply with POPI.

Here’s what you can already start doing:

  • Raise awareness of POPI within your organization
  • Plan what you will do to protect personal information
  • Start implement the changes you need to make as soon as possible

The Basic Rule

You need the consent of the consumer in order to process their personal information!

Appoint an information Officer

An Information Officer is the CEO or equivalent officer or any person duly authorised by that officer. Every company (responsible party) must appoint an information officer to ensure compliance by the responsible party with provisions of the Act, and the officer must be registered with the Regulator.

Get everything in writing

Always notify clients about what type of information you collect about them and why. This notification can be a simple booking form, which reads: “Please refer to our privacy policy and terms and conditions, which deal with the way your personal information is stored. The purpose of collecting, disseminating and merging is contained therein.”

What if it’s a telephone booking?

Send the client an email, preferably with a delivery receipt recording the transaction and stating in the email: “As per our conversation, you confirm having understood and agreed to our privacy policy and standard terms and conditions; and (ii) that we may proceed with your booking/reservations on your behalf in accordance with our privacy policy and standard terms and conditions. We informed you during the telephone call that we do collect information in line with the POPI Act and by doing so you hereby consent to us utilising same for the purpose as set out in our privacy policy and standard terms and conditions etc.”

What about online bookings

Have a cookie policy in that warn your customers that you are collecting their personal information. Include a disclaimer that outlines that by logging onto the site, the client consents to sharing his information.

What to do with children’s information?

Children’s’ information may not be processed unless it falls into a specific authorisation in POPI. However, you have the right to capture the children’s information if a competent person, such as a parent, gives consent.

Can I share information with third parties?

No! Travel agents are not allowed, under the POPI Act, to reveal any personal and/or special personal information to third parties.

For example, agents cannot divulge information to their client’s wife or boss unless the client has signed an agreement that all information can be passed on.

It is advisable to have agreements in place with corporate clients whereby the company gives you the permission to do all future bookings for the company and their employees. Companies must ensure that they have the requisite permission and/or consent from their employees to hand over information on all bookings made by the company irrespective of who the employee is.

Adjust your terms and conditions

Insert clauses into your current terms and conditions that stipulate that your agency will be collecting personal information as well as special personal information as defined by the POPI Act to secure bookings with third party service providers.

Credit Card information

Internal policies and procedures will need to be implemented, especially with regard to safeguarding any credit card information. Ideally the company should appoint an information officer. This should be the only person to access and process payments on behalf of clients.


Destroy information

The Companies Act states that travel agents need to keep documents on file for five years. According to the POPI Act, travel agents can’t keep documents for longer than is necessary to render services.

What to do? Notify the consumer in writing that his/her information will be filed away for five years, after which it will be destroyed. During that period, nobody else will have access to that information.

If the client requests to be removed from the database, comply with this request. Remove his/her file from the computer database and get his/her file offsite with companies such as Metrofile or if you prefer electronic vaults, such as Safe4. 8.


Report any breaches!

Once a breach has occurred the travel agent has an obligation to report the breach to the Regulator as well as the client.

Travel agencies will be held liable for non-compliance with the POPI Act regardless of whether there was an intention to leak information or whether it was negligence.