We've been participating in some travel-oriented events lately, and we were surprised at how many visitors lined up to speak to us about how to become PCI compliant.
We suppose that some organizations handle so much payment card information daily that they may lose sight of the risks involved. Certainly those in hospitality, with publicized breaches appearing in the media, don't fall into that category: they're well aware that they need to be PCI compliant or face some heavy penalties and a damaged reputation.
Until very recently, only larger technology companies in the travel industry supply channel have been required to have their systems validated by acquirers in accordance with PCI DSS guidelines. With Visa's recent announcement, from January 2017 even small OTAs, Channel Managers and Booking Engines will be affected. This means that if a company does not have an accredited solution in place, it should start planning one immediately.
Channel Managers play an important intermediary role in the supply chain. They continuously receive payment card data from multiple Online Travel Agencies through an automated process using push and pull methodologies.
In an interview with the Information Security Media Group on Monday (December 1st), Nathalie Reinelt warned that merchants and other payment processors will still have significant security risks to contend with following the adoption of the EMV (Europay, MasterCard and Visa) standard, which the federal government has committed to speed up over the next few months.
Despite their nature as top targets for hackers, the hospitality and healthcare sectors are among the world's most laggardly when it comes to cyber security awareness.
The findings of a new study from a UK-based payment processor should come as alarming news to the tens of millions of consumers whose card numbers were compromised in cyber attacks this year.