At least 70 members of Philippine Travel Agencies Association (PTAA) gathered at the World Trade Center, Pasay City last 15 December 2017 for the Payment Card Industry Data Security Standard (PCI-DSS) Compliance Seminar held by ECC International, in partnership with Crossbow Labs and PTAA.
Mr. P.K. Narayanan, resource person from Crossbow Labs, focused his discussion on what PCI-DSS is, the reasons travel agents may need compliance, the different types of compliance, and what the compliance requirements are. This was then followed by an open forum.
Founded jointly by a pool of international major credit card companies (American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.), PCI-DSS aims to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. When payments for travel services are accepted by cards, face-to-face or non-face-to-face, PCI-DSS becomes applicable. Airlines have demanded International Air Transport Association (IATA), the regulating body for travel agents, to support their own internal compliance project by making the Billing and Settlement Plan (BSP) sales channel PCI-DSS compliant. Hence, IATA-accredited agents now need to comply with PCI-DSS.
Crossbow Labs functions globally with a pool of consultants and partners. The team constitutes of Information Security practitioners who have certified organizations on PCI-DSS, ISO 27001, BS 10012 and various other regulatory compliances, which are required by organizations in various countries. They have their own qualified consultants and PCI-Qualified Security Assessors (QSA) who are vastly experienced in conducting certification audits.
ECC International, Crossbow Labs’ local partner in the Philippines, aids organizations aiming for PCI-DSS certification in determining applicable PCI-DSS Self-Assessment Questionnaires (SAQs) and in laying out appropriate compliance and certification proposals.