It’s been a tough time for the travel industry as of late. Since April last year there’s been a string of high-profile data breaches announced, these include Delta Airlines, British Airways and Marriott Hotels. So, how can the industry respond to minimise the risk of a breach? To answer this, let’s look at what we know from these data breaches in more detail.
In April 2018, news broke about the Delta Airlines data breach through its online chat services. This included customer payment information. Shortly afterwards, British Airways announced a data breach of its app and web services which included credit card details. What this shows is that it’s not just the storage of sensitive information that is subject to cyber-attacks, it’s also the payment process. Recently, the records of 500 million customers of the hotel group, Marriott International, were also involved in a data breach. The hotel chain said the guest reservation database of its Starwood division had been compromised.
PCI DSS requires cardholder data to be encrypted when in transmission, along with maintaining firewalls and up-to-date antivirus software. This does go a long way in preventing a breach, however its apparent that this is no longer enough. But it’s not just the risk of a breach that needs to be considered. The General Data Protection Regulation (GDPR) has been in effect for almost five months. As mentioned by Tony Smith, PCI DSS and the GDPR sit on the same branch, so a breach of PCI compliance is a breach of the GDPR. The repercussions of this can be fines of up to 4% of global turnover, not to mention the damage to reputation and therefore revenue and to the value of the company. Not only this, IATA now requires accredited travel agencies to be PCI compliant. In the face of tightening regulations, it seems that one answer is rather than focusing on keeping the hackers out, ensure there is no data for them to take in the first place. Taking the contact centre as an example, which is a hotbed of data and a prime target for hackers, solutions such as Agent Assist work by ensuring no sensitive credit card data enters the environment. Of course, this won’t prevent all breaches. But given that 76% of attacks are financially motivated it begs the question; can the travel industry afford not to de-scope?
Get in touch with one of our experts to discuss the benefits of descoping your contact centre.