Failed to comply with PCI-DSS? These are the consequences

01 March was D-Day for travel agents to become PCI-DSS compliant.

IATA has warned that failure by the Agent to provide IATA with the necessary evidence of PCI-DSS compliance will trigger the following non-compliance actions:

If your Travel Agent is currently located in a country governed by Resolution 818g, failure to comply with these requirements per IATA’s request will result in a Notice of Non-compliance being issued against the Agent and member Airlines will be notified. This notice will be in force until the country of the agent’s operation is migrated to New Gen ISS under Resolution 812 and will specify that Credit Card form of payment will be restricted for this Travel Agent unless the evidence is provided prior to the specified date. It should be noted that this action will not lead to suspension.

If your Travel Agent is located at a country governed by Resolution 812, failure to comply with these requirements per IATA’s request will result in an Administrative Non-Compliance and required the Agent to remedy the situation within 30 days of the notice. In case the Agent, has not demonstrated to IATA ́s satisfaction that the reason for the Administrative Non-Compliance has been remedied, IATA will:

  • immediately restrict the Agent’s use of the Customer Card Payment Method; and
  • such restriction will remain in place until the Agent has demonstrated to IATA’s satisfaction that the reason for the Administrative Non- Compliance has been remedied and the Agent is compliant with all applicable requirements for authorization to use the Customer Card Payment Method.

IATA has advised that PCI DSS Wizard Tool is now live

The  TrustKeeper PCI Manager account is ready for use for those Travel Agents whose merchant level are one of the three defined below.

Level 2 – Any merchant — regardless of acceptance channel — processing between 1 million to 6 million total transactions annually (or 1 million to 6 million total BSP transactions)

Level 3 – Any merchant processing 20,000 to 1 million e-commerce card BSP transactions per year

Level 4 – Any merchant processing fewer than 20,000 e-commerce card BSP transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M card transactions per year

*Detailed merchant level definitions can be found at Visa and MasterCard.

If an Agency does not process credit card transactions, the Agency must submit through the IATA Customer Services portal.

It should be noted that upon completion of such declaration no further proof of compliance will be requested from your Agency, however Credit Card form of payment will be disabled for your Agency upon migration of your country of operation under NewGen environment and resolution 812.

You can register your TrustKeeper PCI Manager account by following the below link:


TrustKeeper PCI Manager will walk you through the steps that are right for your business type, making it easy for you to understand what needs to be addressed, how to find the solution, and easily check-off the task once it is complete.

The key features of TrustKeeper PCI Manager include:

  1. Recognised by the PCI Security Standards Council (PCI SSC)

Trustwave is recognised by the PCI Security Standards Council (PCI SSC) as a Qualified Security Assessor Company.

  1. Trusted Commerce Seal and Certification

After you have completed the streamlined compliance process, PCI Manager will facilitate reporting your compliance status back to IATA automatically on your behalf. You can view and download milestone progress reports, download a Certificate of Compliance as well as the PCI Attestation of Compliance. You can display the Trusted Commerce® seal on your website to showcase your compliance to visitors.

  1. Web Based Portal

The compliance process can be challenging. TrustKeeper PCI Manager is a secure, intuitive and easy to understand web-based portal designed to walk you through the compliance process step-by-step.

The portal is available in the following languages:
English, Danske, Deutsch, English (UK), Español, Suomi, Français, Français (Canada), Íslenska, 日本語, Nederlands, Norsk, Polski, Português, Svenska, 简体 中文, 繁體中文

After you have created your username and password, we recommend bookmarking the URL: https://login.trustwave.com

  1. Hassle free

TrustKeeper PCI Manager takes the SAQ completion process complexity away from you by providing simple questions that guide you into completion of the correct SAQ type applicable to your business.

  1. Online Security Awareness training

TrustKeeper PCI Manager provides you with basic courses about PCI DSS so you will feel confident with the matter.

  1. Around-the-Clock

Trustwave’s team of seasoned compliance support analysts is available 24 hours, 7 days a week, 365 days of the year. For assistance, contact Trustwave by email at support@trustwave.com or by calling the following number in South Africa: 800 981 295.

  1. Express Renewal

PCI DSS validation is required annually. All Travel Agents, must warranty continued compliance with PCI DSS, therefore an express renewal feature will help you to easily comply with this requirement, if no significant changes have occurred since the previous assessment.

As already pointed out, the utilisation of the tool to obtain PCI certification is not free of charge, service descriptions along with pricing can be found on the IATA PCI DSS Certification Program page. Also, this tool is just an alternative way for your Agency to obtain PCI DSS certification. IATA will accept the evidence of compliance as long as it is properly certified by the eligible partner of PCI Security Standards Council, depending on the level of compliance that your Agency falls into.

Last but not least, IATA would like to remind you that there is a dedicated PCI DSS webpage to help you understand the importance of this requirement for your business, guide you through the first steps that you will need to take and indicate the evidences that will be accepted by IATA to indicate compliance:


For support in regard to any enquiry, please contact IATA via the Customer Portal. These queries will be handled with the highest priority.

2017 rewind

And that’s a wrap…

And that’s a wrap! Another year gone by and a bit of a mixed bag. Here’s to the year that was…


At the end of 2016, the Flight Centre Travel Group (FCTG) joined ASATA, and in January of this year, its MD Andrew Stark joined the ASATA board, along with Holiday Factory Director Jackie Turnbull.

It was with great sadness that ASATA also shared the news of the passing of two industry icons during this month: Usman Ahmed of Flywell Travel and Izy Etkin of Wings Travel Management.


The controversial UBC requirements for travellers with children continued to cause havoc for South African and foreign families travelling together.

February also saw US President Donald Trump signing an executive order imposing a 90-day ban on visitors from seven predominantly Muslim countries. The ban was suspended just a week later.

Various airlines suspended operations to Abuja, Nigeria, as a result of upgrades and repairs to the runway, while Arik Air suspended its flights to Johannesburg.


The South African Qualifications Authority (SAQA) first published ASATA’s application to be recognised as a professional body in the Government Gazette for comment.

Thanks to ASATA, the possible (self) regulation of South Africa’s travel industry took a step forward as ASATA embarked on an intensive research study with EXP Regulatory Compliance Consulting to review how various industries and countries have tackled the issue of regulation and to identify best-practice examples that South Africa’s travel industry could emulate.

Furthermore, ASATA, as part of the World Travel Agent Associations Alliance, participated in an important project in conjunction with IATA, called the ADM Reduction Project.

At the end of May, we toured the country to meet with our members and outlined ASATA’s strategy as well as provided updates on PCI DSS compliance.

March also saw the introduction of the electronics ban on flights to the US and the UK via the Middle East. And, in what was described as a “here we go again” scenario, US President, Donald Trump, on 6 March, again signed a new executive order imposing a 90-day suspension of entry to the US for nationals from six majority Muslim countries.


ASATA was instrumental in helping push back the implementation date from June 2017 to March 15 for PCI DSS compliance as a mandatory condition to obtain and retain accreditation as an IATA Accredited Agent.

Russia and South Africa scrapped visa requirements on April 1. Since that time, South Africans travelling to Russia can stay or transit without a visa for a duration of up to 90 days.

ASATA and the African Business Travel Association also held their first Corporate-TMC Focus Group to devise practical strategies and actions that the two associations and industry could take to bridge the gaps in relationship between TMCs and corporates. Themes that were discussed during the Focus Group included:

  • The understanding of value
  • Getting the RFP journey right
  • What role the TMC should play
  • What expectations both TMCs and Corporates have from each other

ASATA’s mobile app, sponsored by Amadeus, became available for download from the Apple and Android stores. It has become an important communication platform used by ASATA to communicate with members and partners.

Standard Bank advised ASATA in April that taking an imprint of a MasterCard or VISA card would no longer protect merchants against chargebacks for manually entered transactions.

And, a media storm broke out surrounding a passenger who was forcibly removed from United Airlines when he refused to give up his seat voluntarily. As a result, airlines started reviewing and adjusting their overbooking policies.


ASATA continued to remind its members that the clock is ticking on the new POPI Act and that travel agents needed to make it a priority.

ASATA held its annual conference in Sun City with as theme ‘Power in Unity’. The theme was chosen at a time when dynamic change and strong leadership were needed to navigate a disrupted industry.

The question of regulation received a great deal of airtime at the ASATA conference with EXP Regulatory Compliance Consulting providing feedback on a research study into the merits of South Africa’s travel sector becoming regulated.

At the heart of regulation was the need to protect consumers, not only from the standpoint of regulating consultants in their individual capacity, but also TMCs and travel agencies.

South African corporates also indicated they placed ASATA and ABTA membership as a top consideration when selecting a TMC partner.


ASATA hosted workshops in Johannesburg, Cape Town and Durban to gather travel-industry stakeholder feedback with regards to its study into the possible regulation of South Africa’s travel industry.

British Airways announced that it would impose a distribution fee on all bookings made through any Global Distribution System (GDS). And the UK started charging for all visa enquiries through its new commercial partner, Sitel UK. The cost for an e-mail enquiry was set at R91.

In what media reports called ‘the biggest political crisis in the Middle East in years’, several Arab countries also severed ties with Qatar in June with far-reaching effects for the travel industry.


It was with great sadness that ASATA acknowledged the passing of Laurie Wilkinson, owner of Sure Travel Studio, in July this year. Laurie will be remembered as a passionate mentor in the South African travel industry.

The controversial US laptop was scrapped in favour of increased security measures on all direct flights to the US from 105 countries around the world, including South Africa.

Travel agents in South Africa were also advised to warn their clients to be vigilant when travelling via OR Tambo International Airport following a spate of criminal incidents and follow-home robberies from the airport.

British Airways’ mixed cabin crew embarked upon a marathon 16-day strike, and visa requirements for India became stricter as South African travellers were required to submit biometrics when applying for an Indian visa.


ASATA once again showed its commitment to the Business Traveller Africa Conference & Awards by signing up to be a corporate event partner.

As part of its efforts to be recognised by SAQA as a Professional Body and to promote professionalism within travel, ASATA revamped the ASATA Professional Programme (APP) in August. The new APP system allows travel consultants to update their information, including qualifications and competencies, which are then verified by their supervisor before they can be awarded the designation of Travel Practitioner.

Airports around the world increased their security measures with travellers being warned to expect major delays, while Southern Europe rallied against what it called ‘overtourism’.

In terms of airlines SAA appointed Vodacom group executive, Vuyani Jarana, as its new CEO, while Airberlin announced it was filing for insolvency and Ethiopian Airlines scrapped its Durban flights.

Qatar waived entry visa requirements for the citizens of 80 countries including South Africa, and Lanseria International Airport became the first airport in Africa to introduce self-service technology for passengers.


Great news emerged for the industry as ASATA received accreditation from the South African Qualifications Authority (SAQA) and it was announced agents could soon apply for the official designation of Travel Practitioner (TPrac).

Through ongoing consumer awareness campaigns, ASATA continued to make sure that travel agents are being talked about across the media. Thanks to our efforts, newspaper headlines changed from “Is the travel agent dead?” to “Why are travel agents still a thing?” and “Travellers are embracing human agents again”.

During September as well, ASATA commissioned Grant Thornton to create an Annual South African Travel Market Index Report to determine the state and size of South Africa’s travel sector.

In the US, Hurricane Irma caused havoc to many travel plans.


ASATA appointed Monique Diez in October to drive its ASATA Professional Programme and related projects that include the ASATA Awards and Young Professionals in Travel. The appointment came as Jacqui McKnight announced her retirement.

Madagascar was shaken by a deadly Plague outbreak, which saw airlines suspending their services to the country.

Cape Town on the other hand announced increased air access from October 29, with one new route and two route expansions.


The new SAA CEO took over the reins of the national carrier and announced he would start looking for an equity partner for SAA from within the aviation industry.

Air France-KLM became the latest airline group to announce it would start levying a surcharge for GDS bookings from 2018, while Alitalia confirmed it would launch flights to Johannesburg in the coming year.

Also in November, the Passenger Agency Conference (PAConf) saw the adoption of New Gen ISS, which introduced additional complexities for travel agencies, and attempts by ASATA at PAConf to defer the deadline date for PCI DSS compliance in BSPZA were dismissed.

In Zimbabwe, Robert Mugabe officially resigned as president of Zimbabwe after 37 years ruling the African nation.


ASATA appointed a panel of dynamic and well-respected industry leaders to select the best of best among the nominees for the ASATA Awards 2018.

ASATA appointed its new board for 2017/2018, reflecting representation from all of South Africa’s major retail travel groupings. The President, Vice-President and Treasurer will be elected by the board at its first board meeting at the end of January 2018.

Bali experienced increased volcanic activity leading to the FCO warning that ash clouds from the volcano could cause the airport to close on short notice.




The SAQA professional Designation – what you need to know

By now, you’ve probably heard that travel agents in South Africa will soon be able to apply for the official designation of Travel Practitioner (TPrac) following the accreditation of ASATA by the South African Qualifications Authority.

But, what does this mean exactly for travel agents? How and when can you apply? How much does it cost?

We’ve tried to answer your most pressing questions with regards to the SAQA designation here.


ASATA and its role as a professional body – what does this mean?

  • SAQA has recognised ASATA as a professional body. This means that ASATA can award (currently) the professional designation of Travel Practitioner. ASATA is not an accredited Training Provider.
  • SAQA has registered the initial designation of Travel Practitioner.
  • ASATA has revived the ASATA Professional Programme which is the process through which a travel consultant (agent) can seek to achieve the designation of Travel Practitioner.

What is APP?

It is an online platform that allows travel consultants to create a profile and update their skills, experience, qualifications and Continuous Professional Development (CPD) points to achieve a designation.

When can agents start applying for the TPrac designation

ASATA is currently testing APP with trade stakeholders who have volunteered to give feedback on the new system to refine it. Once this process has been concluded, we will launch the site to members and non-members seeking to participate and attain a designation. It is a web-based system, so there will be a URL that users can visit to register their profile. A neutral designation and appeal committee will be appointed, travel consultants will be able to start applying for their designation.

After TPrac, what’s the next designation that will be rolled out and when will agents be able to start applying?

ASATA has further listed their request for future submission to SAQA for the designations of Travel Professional (considered if you have a general certificate in travel or other travel qualification from an accredited training provider) and Certified Travel Professional, which would require the candidate to take exams. We envisage these designations to be registered in 2019/2020 subject to approval and SAQA process being followed.

Is there any cost to be recognised?

A participation fee pertains to all registrations and designations on the APP system. Registration costs for ASATA members are R175 pp annually, while non-ASATA members pay R295 pp annually, VAT inclusive. Registration fees will be valid until the end of 2018

To receive your designation, ASATA members pay an additional R340 pp, while non-ASATA members non-ASATA members pay R590 pp, VAT inclusive.

Why do we have to pay?

The development of the APP system, administration of the process by ASATA and the fact that participants must have paid-up fees to maintain designation, according to SAQA.

  • If one has to go through the RPL process there will be costs.

Will agents need to repeat or go through the process each year?

Designation requires Travel Practitioners to accumulate 60 CPD points over a 3-year period, so the Travel Practitioner will have to upskill themselves to ensure that these points are retained. There is a review after 5 years.

How does the actual vetting process work? Will someone at ASATA manually go through each application?

Once the applicant has updated their APP profile, this is then submitted to their line manager or supervisor to check. Once this is checked, the application is sent to ASATA and a neutral soon-to-be appointed designation and appeals committee will adjudicate each application.

I have been in travel for 15 years? Will this be considered for designation purposes? 

Yes, we will take this into consideration and apply what is called the ‘Grandfather clause’.

If you have a higher qualification e.g. Diploma in Travel Tourism/ MBA and relevant qualification with travel as an element, we can take this into account

Is it mandatory to apply for a designation? 

Currently it is voluntary to apply for a designation.

avoid scams

Warn your customers – that’s your duty of care

Did you know that as a travel consultant, you have a duty of care responsibility to divulge to your clients any information about dangerous destinations, as well as unusual threats?

In a world where destinations that were once considered safe, become unsafe in the mere matter of minutes, this is a truly tricky prospect. Says Otto de Vries, ASATA CEO: “Keeping your customer informed before and during their travel is one of the areas in which travel consultants can add real value from a duty of care perspective.

“There are a multitude of sources that can be leveraged to keep you informed, in addition to eTNW, Travelinfo, the ASATA Facebook Page and even local online news platforms. Take it a step further and create Google Alerts for destinations to which your customers frequently travel, sign up for foreign travel advisories and subscribe to alert newsletters.”

In addition to destination advice, there are some common international scams that travel consultants can share with their customers, whether these are travelling for business or leisure to help them travel with peace of mind.

Card Scams

This one may seem rather redundant to remind South African travellers about, but often on our travels we let our guard down and forget that the same safety habits we have at home should be employed when we’re in another country.  Travellers should never let anyone see their pin so when they’re keying it in on a point of sale device at a counter or at an ATM they should shield their keypad as much as possible. If someone contacts them from their ‘hotel’ to ask them to verify their bank card details over the phone or email. Tell them to contact the hotel directly and verify why this is required.

Maybe selfies aren’t so bad

Your customers should be aware of helpful people in busy tourist areas who offer to take a photo of their group with their phone or camera. Just as they’ve perfected their pose, they may find themselves running to catch up with the guy who’s just fled with their expensive phone.

WiFi woes

With the price of roaming being what it is, WiFi is like the holy grail for South Africans travelling abroad who want to stay connected. But WiFi hubs can be insecure and leave travellers open to hacking.  Advise your clients to never access their bank account online while connected to public WiFi.

Taxi metre magic

Travellers using metre taxis must ensure that they check beforehand that the metre is broken as this is a common scam overseas. The taxi driver claims that their metre is broken and then charges unsuspecting travellers a ridiculous amount on arrival. Check carefully the amount given to the taxi driver and the change received so that you are not swindled after the fact by a taxi driver who claims that you only gave him a certain amount so do not require change.

Too good to be true

As with everything, if it seems too good to be true, it probably is. Counsel your clients to verify travel deals they ‘find’ on Facebook and other online platforms that offer holidays at prices that are unrealistic. Remind them that cheaper is not necessarily better and that the outcome of being duped by a travel scammer is that they will be left with no recourse, and no holiday. One of the reasons they entrust their travel plans with a bona fide travel consultant is so that they can travel with peace of mind.



New CEO for SAA – what travel agents need to know

SAA has appointed Vodacom group executive, Vuyani Jarana, as its new CEO. He will commence his duties after his current employer has officially released him.

Jarana is currently Chief Officer for Vodacom Business at Vodacom Group LTD, a position he has held since 2012. He is also a member of the core leadership team of Vodacom Group responsible for the enterprise segment across the continent.

Finance Minister Malusi Gigaba said: “Given that Jarana has turned around a loss-making subsidiary of the Vodacom Group, Vodacom Business Africa, into profitable and growth business, we believe he will be key in turning around SAA.”

What will the job of the new CEO be?

Jarana will have to slash costs, boost revenue and re-engineer the airline. He will also be implementing a long-term turnaround strategy and corporate plan which he did not formulate.

Jarana’s appointment will bring much needed stability to the executive management of the airline which has been without a permanent CEO since the departure of Monwabisi Kalawe in 2014.

What’s happening with SAA’s loan repayments? 

Gigaba is leading negotiations with SAA lenders in an attempt to postpone the repayment of loans due in September. SAA had to find an additional R6.9bn to settle these loans. The loans were due for settlement in July‚ but the airline managed to convince most of the lenders to defer the payment to end September.

How much money does the airline still need from government?

In addition to the R2.2bn bail-out, SAA told the Treasury it needed R13bn over the next three years, of which R3bn will be used for working capital and R9.1bn to retire the debt that is maturing in the current financial year.

Will the government grant SAA another bailout?

Minister Gigaba will make an announcement on a bail-out in the medium-term budget review in October. Gigaba said strict conditions would be attached to the recapitalisation of the airline.

Will SAA need to cut routes?

One of the measures to cut costs at SAA is to cease operations on unprofitable routes, including the Johannesburg-Abuja route.

Briefing Parliament’s Standing Committee on Finance on August 4, SAA acting ceo, Musa Zwane, said he expects to save R900m per annum by cutting a number of routes.

What’s happening with the Preferential Procurement Regulations?

Other than the appointment of an SAA CEO, Gigaba had also undertaken to meet the deadlines set on National Treasury in the 14-point Action Plan released in July, including the implementation of the Preferential Procurement Regulations.

Implementation of the Preferential Procurement Regulations commenced on 1 April 2017 and the reference to July 2017 is linked to accelerating efforts towards inclusive growth – preferential procurement regulations are one of the policy instruments to accelerate the inclusive economic activity.


ASATA and ABTA affiliation key for TMC selection

South African corporates have placed ASATA and ABTA membership as a top consideration when selecting a TMC partner.

According to a recent joint ABTA-ASATA survey conducted among South African corporates, some 96% of corporates said that ASATA membership is important to non-negotiable when selecting a TMC to service their account. In addition, 82% of corporates cited ABTA membership as an important factor.

At least 70% of those corporates surveyed further indicated that if a TMC was not an accredited ASATA member, they would not be allowed to tender for their company’s business.

In order of priority, respondents also listed the criteria most important to the service received from their ASATA-accredited TMC as being:

  1. Achieving value for money and savings
  2. Transparency and Trust
  3. Professionalism
  4. Sound business practices
  5. Expert guidance

Both Associations represent professionalism in our industry and are benchmarks for travel buyers when considering the appointment of a TMC, says Otto de Vries, CEO ASATA.

ABTA founder, Monique Swart, highlights the reputation that ABTA and ASATA have within the corporate travel sector. “Travel buyers trust these two bodies do a great deal to elevate the level of the industry across South Africa.”

The successful collaboration between ASATA and ABTA is adding meaningful value to the industry, which “further highlights the message of engaging with industry professionals that are members of our associations.”

Respondents to the survey say these are the greatest benefits of ASATA:

  • 81% believe the association ensures credibility of the industry
  • 63% indicate that ASATA ensures the professionalism of the industry.

“I think there is still a lot of work to do, but the synergies between both Associations are vast and thus the collaboration makes perfect sense for most industry professionals,” explains de Vries.

“Our vision is to improve communication and the business relationships between TMCs and travel buyers. With ASATA’s focus on the TMC community and ABTA’s strong corporate following, combining our efforts to bring these two sectors together more regularly and encouraging meaningful interactions like the ABTA/ASATA focus group recently, will see that these objectives are far more likely to be reached,” concludes Swart.

Options for Industry Regulation on the table

The question of regulation received a great deal of airtime at the recent ASATA conference with EXP Regulatory Compliance Consulting providing feedback on a research study into the merits of South Africa’s travel sector becoming regulated.

At the heart of regulation is the need to protect consumers, not only from the standpoint of regulating consultants in their individual capacity, but also TMCs and travel agencies.

EXP Regulatory Compliance Consulting has examined regulation within five other South African industries, as well as regulation within the travel industry in six other countries.

The results have revealed that all of the reviewed overseas travel agency representative bodies are voluntary, but that these have a very high average industry representation. This is achieved by:

  1. Commercial force: Customers and travel service providers will only trade with members, because membership is synonymous with quality.
  2. Value in representation: Effective industry representation with government and other industry stakeholders.
  3. Added Services: Training on how to run a successful business, business tools info and advice, alternative dispute resolution, marketing and network opportunities.

At least 10 out of the 11 bodies studied have accreditation criteria to become a member, these include:

  • Fit and proper requirements (e.g. trade references, background checks)
  • Adherence to the body’s code of conduct
  • A trust account for funds belonging to consumers and service providers
  • Membership of a Travel Guarantee Fund or proof of insurance to protect funds belonging to consumers and service providers against fraud or bankruptcy
  • Customer support and complaints management policies and procedures
  • Accreditation may require that all, or a % of travel agents, must hold a designation
  • Some or all travel agents must have a certain number of years’ experience

The South African bodies that have been interviewed have cautioned against the following:

  1. Beware of anti-competitive behavior
  2. Statutory reforms are slow and labour intensive (and government is in flux)
  3. Litigation against voluntary bodies (typically brought by non-members) can sink them
  4. The implications (and, by implication, the benefits) of accreditation as an industry ombudsman in terms of the Consumer Protection Act is currently under consideration by our courts
  5. Formal dispute resolution by industry bodies can be expensive to administrate

Various options are possible in the travel sector space:

slide 15

EXP Regulatory Compliance Consulting will continue their research and stakeholder inputs over the next few months.

Workshops will be held in Cape Town, Durban and Johannesburg for members to provide input, and a survey will be distributed thereafter. After recommendations are presented to the board, voting on the options available will take place at the AGM on 28 September.

This is your chance as a member of South Africa’s travel sector to make your views on regulation heard by attending these workshops, taking part in the survey and voting at the AGM. You are also welcome to provide any other feedback, concerns and suggestions to hannie@asata.co.za

Protect your travel agency! Cyber Attacks hit SA!

A cyber security expert has warned that a global cyber ransom attack has spread to South Africa this week.

”We need people to understand that they must not open mail or attachments from senders they do not know,” Roi Shaposhnik of Johannesburg-based Gold N’ Links Cyber, was quoted in News24.

Describing it as the biggest cyber-attack in history, Shaposhnik said syndicates around the world targeted a weak spot in Microsoft security updates which lead to a massive crash. This type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data.

Microsoft released a patch (software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

The ransomware demands users pay $300 (R3 924) worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.

How can you protect your computer and your travel agency from cyber-attacks and hackers?

  1. Be careful on social media

Shaposhnik warns people should be cautious on social media because it is not uncommon to track Twitter or Facebook posts to tailor an attack on those platforms. He urged Facebook and Twitter users to keep their accounts closed to all but friends they know, and to not open links from unknown sources.

  1. Be wary of unknown e-mails

Everyone should take extra precaution when opening emails from unfamiliar senders. This includes coupons, vouchers and any discount emails that you were not previously aware of.

  1. Get knowledgeable

Educating the entire company on the different types of cyber risks (e.g. spearphishing, vishing, typosquatting, etc.) goes a long way to protecting your travel agency. This training should be ongoing, as the security threat landscape is constantly changing.

  1. Create SOPs

Create standard operating procedures (SOPs) to minimise the threat of phishing scams and to identify legitimate requests.

  1. Install spam filters

Have strong spam filters in place to minimise inbound malicious emails.

  1. Update software

Keep anti-virus software and firewalls updated 24/7 since hackers are always looking for new ways to infiltrate your computer and network.

  1. Conduct tests

Conduct random testing with mock phishing scenarios.

  1. Back up regularly

Be sure to backup on a regular basis to ensure you always have your files stored on the cloud or an extra external platform.