What is the PCI DSS
-The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store, or transmit credit card information maintain a secure environment.
Requests from IATA for agencies
Under the Passenger Sales Agency Rules, all IATA Accredited Agents must ensure their full compliance with the Payment Card Industry Data Security Standards (PCI DSS).
Documentation from Thomalex
Thomalex uses this standard and thus provides users with secure payments through its platform.
In the attachment, you can find documentation that is necessary for the agency to send to the IATA, and to provide them new Attestation of Compliance to indicate the company’s compliance as soon as possible.
If some agencies fail to submit renewed compliance certification, in accordance with the provisions of the IATA Passenger Sales Agency Rules, they will have no alternative but to send you the Administrative Non-Compliance.
In addition, the Credit Card form of payment will be disabled for the agency if no valid Attestation of Compliance will be received within 30 days of the Administrative Non-Compliance.
Such restriction will remain in place until valid and accepted by IATA evidence of your agency's PCI compliance has been received by IATA.