We've been participating in some travel-oriented events lately, and we were surprised at how many visitors lined up to speak to us about how to become PCI compliant.
We suppose that some organizations handle so much payment card information daily, that they may lose sight of the risks involved. Certainly those in hospitality, with publicized breaches appearing in the media, don't fall in that category: they're well aware that they need to be PCI compliant, or face some heavy penalties and a damaged reputation.
Until very recently only larger technology companies in the travel industry supply channel have been required to have their systems validated by acquirers in accordance with PCI DSS guidelines. With Visa's recent announcement, from January 2017 even small OTAs, Channel Managers and Booking Engines will be affected. This means if a company does not have an accredited solution in place then they should start planning one immediately.
Channel Managers play an important intermediary role in the supply chain. They continuously receive payment card data from multiple Online Travel Agencies through an automated process using push and pull methodologies.