Data breaches and cyber-attacks have sadly become a worrying and very real concern for businesses across all sectors; the travel industry is no exception.
Personal identity and payment card data appear to be the prime targets for unscrupulous hackers and, with the number of purchases being made via credit or debit cards more than doubling over the last decade, any organisation that processes sensitive card data has become a target.
As such, businesses that manage bookings via a call or contact centre are facing increasing pressure to make sure that transactions are handled safely and that payment data is handled in a compliant way, to protect all parties involved.
In fact, this pressure is being compounded by the forthcoming change in data protection legislation, which comes into force towards the end of May 2018: GDPR.
The way in which businesses pass, store and process customer information will be under increased scrutiny and failure to comply could result in significant penalties of up to €20 million or 4% of annual turnover.
While compliance with the GDPR is considered relatively new, it is worth remembering that the Payment Card Industry Data Security Standard (PCI DSS) has been in place since 2004 to support businesses in maintaining strict and diligent data security procedures.
In our view, adhering to the PCI DSS offers the most practical first step as we embark on the journey to comply with the very latest rules. In doing so, it will ultimately help travel firms stay one step ahead of the curve when it comes to the continually evolving pressure of information privacy.
PCI DSS has been designed to govern the protection and handling of cardholder data and seeks to reduce fraud. While the standard applies to web-based customer service, it also covers more traditional methods, such as telephone-based contact centres.
The good news is that help is at hand for businesses seeking guidance on matters related to PCI DSS compliance – we have experts available to guide you on your journey towards full compliance, offering peace of mind to both you and your customers that sensitive data is being handled in the safest and most compliant way. To get in touch, simply contact us.