At the urging of the Association of Canadian Travel Agencies, IATA postponed the deadline for travel agencies to comply with the Payment Card Industry Data Security Standard from June 1, 2017, to March 2018.
ACTA said its members needed more time and clarity around compliance requirements.
PCI DSS outlines the technical and operational conditions to preserve payment card security.
It was developed by major credit card companies to protect confidential payment card information against theft.
All entities that store, process and transmit payment card data are required to adhere to PCI security standards.
PCI DSS compliance will be a mandatory condition to obtain and retain accreditation as an IATA Accredited Agent in all its accredited locations under the Passenger Sales Agency Rules in Resolution 818g.
ACTA will present a webinar on July 19 at 1 p.m. central daylight time that will cover the PCI compliance levels and how agencies can become compliant.
Travel agencies in the US are not necessarily required to comply with the standard.
However, the Airlines Reporting Corp. recommends that agencies that have their own agreement with a bank card processor or an acquiring bank should contact their merchant representative to confirm their merchant level and recommended compliance validation requirements, such as a self-assessment questionnaire or quarterly scanning.