Is your business connected with tourism? Are you a representative of a travel agency or tour operator? Or, perhaps, you are just planning to enter the travel business market and now working on the plans and strategy? Be sure to read this article, you will require a very few minutes. With this information you will avoid the mistakes which lead to losses.

We receive calls from the travel agency owners and tour operator representatives with a request to help undergo the fast PCІ DSS standard certification.

Of course, our customers have a lot of questions:

– How to get the PCІ DSS certificate?

– How much time does it take?

– How much will it cost?

– What should it be expected in the future if not to undergo this certification?

And many other different questions but all of them run around one topic – how quickly, qualitatively and cost effectively can travel agencies and tour operators undergo the PCІ DSS standard certification?!

Our specialists have got together all the big guns and wrote this informative article with the only purpose – to clarify all the nuances and subtleties of how to complete the PCІ DSS standard certification.

First things first.

Everyone who works in the travel business knows that there is an International Air Transport Association (IATA).

The IATA is a non-commercial organization that includes over 265 airlines, which in turn carry out about 83 percent of all international flights (data for 2016).

We won’t specify all the IATA‘s activities, let’s only sum up: with the help of IATA services, there is an arrangement of mutual settlements between airlines, airline reservation, airplane reservation and other services related to the air transport.

And now the most important information!

In 2016, the IATA has put forward a requirement for all travel companies which work in their online booking system.

This requirement is quite simple: all the IATA system participants must undergo mandatory certification for compliance with the PCІ DSS standard till March 1, 2018.

This is a very reasonable requirement. In this way, the IATA demonstrates that it concerns about its customers’ money.

And then the question arises: what is this PCI DSS standard all about?

Is your business connected with tourism? Are you a representative of a travel agency or tour operator? Or, perhaps, you are just planning to enter the travel business market and now working on the plans and strategy? Be sure to read this article, you will require a very few minutes. With this information you will avoid the mistakes which lead to losses.

We receive calls from the travel agency owners and tour operator representatives with a request to help undergo the fast PCІ DSS standard certification in Ukraine.

Of course, our customers have a lot of questions:

– How to get the PCІ DSS certificate in Ukraine?

– How much time does it take?

– How much will it cost?

– Where is it cheaper to undergo the PCІ DSS standard certification – in Ukraine or in another country?

– What should it be expected in the future if not to undergo this certification?

And many other different questions but all of them run around one topic – how quickly, qualitatively and cost effectively can travel agencies and tour operators undergo the PCІ DSS standard certification?!

Our specialists have got together all the big guns and wrote this informative article with the only purpose – to clarify all the nuances and subtleties of how to complete the PCІ DSS standard certification in Ukraine, Kyiv.

First things first.

Everyone who works in the travel business knows that there is an International Air Transport Association (IATA).

The IATA is a non-commercial organization that includes over 265 airlines, which in turn carry out about 83 percent of all international flights (data for 2016).

We won’t specify all the IATA‘s activities, let’s only sum up: with the help of IATA services, there is an arrangement of mutual settlements between airlines, airline reservation, airplane reservation and other services related to the air transport.

And now the most important information!

In 2016, the IATA has put forward a requirement for all travel companies which work in their online booking system.

This requirement is quite simple: all the IATA system participants must undergo mandatory certification for compliance with the PCІ DSS standard till March 1, 2018.

This is a very reasonable requirement. In this way, the IATA demonstrates that it concerns about its customers’ money.

And then the question arises: what is this PCI DSS standard all about?

Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard was developed by the Payment Card Industry Security Standards Council (PCI SSC) which was established by such international payment systems as Visa, MasterCard, American Express, JCB and Discover.

The PCI DSS standard is a set of security requirements for the cardholder data that are stored, transmitted and processed in the information infrastructures of organizations.

In layman’s language we can say this way: your travel company needs the PCI DSS certificate in order to ensure the customers’ data and money security during the card payments (Visa, MasterCard and so on).

Without this certificate there is a good chance that these data can be seized by intruders in order to embezzle the funds.

Let’s simulate the situation.

A certain travel agency has accepted the card payment from a client for the air tickets.

The satisfied client flew off on vacation. In a few days, quite unexpectedly, he receives a text message telling that his bank account is debited. On what ground and who did that is clear as mud.

He is trying to find out what happened, and he realizes very soon that he was scammed. In further consideration of this situation, it appears that his data leakage has happened during the airline reservation.

And then the other questions arise. Will the IATA continue to cooperate with this travel agency? Will other clients contact this agency to order travel services?

Probably not.

This travel agency will face troubles and losses.

In order to avoid such cases, the IATA puts forward its demand: all the IATA system participants must undergo mandatory certification for compliance with the PCІ DSS standard till March 1, 2018.

If the travel company or tour operator completes certification according to the PCІ DSS standard, they will be able to book and sell the flight tickets. After March 1, 2018 the IATA will cease to provide its services to all companies that haven’t completed the PCI DSS standard certification.

The consequences of failure to comply with the IATA‘s requirements are negative: penal sanctions, service commission increasing or full online booking scram.

The PCI DSS certificate availability shows that your customers can be sure that they will not lose their money when paying for the services of your company by plastic cards.

There is the only and very simple conclusion: all travel companies and tour operators should have the certificate of compliance with the PCI DSS standard.

There are more than 250 companies in Ukraine that are required to get the PCI DSS certificate.

Unfortunately, many travel companies may miss the deadline (March 1, 2018) for undergoing the PCI DSS certification.

Why?

The reason is there are very few authorized auditors in Ukraine who can issue the PCI DSS certificate.

Our company is one of the few with the help of which a travel company or tour operator can quickly and qualitatively complete the PCI DSS standard certification in Ukraine.

The main Ukrainian tourism market players are the small companies that conduct several operations a month using their clients’ payment cards, and these companies usually recruit no more than 20 employees.

For the special benefit of such agencies, our company has developed an accelerated procedure for undergoing the PCI DSS standard certification.

For such companies, the process of getting the PCI DSS certificate turns into a simple filling in the online questionnaire. After you have successfully completed the questionnaire, it will take no more than 5 business days before your travel agency will get the PCI DSS certificate. That way you will fulfill the IATA‘s requirements.

Even if you have a very small company and you book the flight tickets for your customers, you will have to meet the IATA’s requirements and undergo certification for compliance with the PCI DSS standard.

We have a lot of small travel companies as our customers. They employ only 2-5 people. The companies’ business is related to the airline reservation. They understand how important it is to meet the IATA‘s requirements. Therefore, they have successfully undergone the PCI DSS standard certification.

Our clients don’t need to spend spare money and time for the certification in another country. They know that IT-SPECIALIST offers a full range of services for the PCI DSS certification in Ukraine.

Do you need to get the PCI DSS certificate in Ukraine?

Fill out the contact form on this web-page and you will get a preliminary advice totally free of charge.

By Oleksandr Kuberskii and Katerina Starchak
IT Specialist