PCI DSS compliance – Don’t fear it, but don’t ignore it!

We don’t need to tell you that the risk of fraud associated with payment card transactions and potential data breaches has been rife over the past few years.

To ensure safer transactions, IATA expects Accredited Travel Agents operating within the BSP to be compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).

Effective 1 June 2017, PCI DSS compliance will even be a mandatory condition to obtain and retain accreditation as an IATA Accredited Agent under the Passenger Sales Agency Rules in Resolution 818g. 

It is important to note that this requirement has not emerged out of the blue. For many years, ASATA has been including a notification on this in its membership renewal documentation.

In the interim, ASATA is working with the WTAAA and IATA to ascertain exactly what IATA’s requirements are with regard to PCI DSS and will make every effort to assist our members in their efforts to be compliant.


Credit card companies have compiled the PCI Data Security Standard to enhance payment card security. All entities that store, process and transmit payment card data are required to adhere to PCI security standards, which are the technical and operational conditions to preserve payment card security.


We understand that the PCI DSS compliance process may in some cases be complex. Depending on the nature and the size of your business, the process can vary. 

As an initial step, our advice would be:

Approach your financial institution if you are a merchant and process transactions through your local Point of Sale (POS).

If you are not a merchant and only process credit card transactions through the GDS (the airline’s merchant), we suggest that you contact every credit card brand that you are working with individually, in order to find out the compliance process applicable to your agency.

For more information to help you understand the importance of PCI DSS compliance for your business and guide you through the first steps that you will need to take, please visit the dedicated PCI DSS website: