Just You launches travel trade solo experience

Friday, 21 October 2016 14:00

Just You h...

Spontaneous people are happier according to Snaptrip survey

Friday, 21 October 2016 11:00

Spontaneous people are often believed to lead more exciting or glamorous lifestyles and a new study has confirmed that they are happier in all aspects of their lives.

Top Brighton attractions on Combi-Saver tickets for half term

Friday, 21 October 2016 09:00

Visitors to Brighton this October half term can save up to 20% on its top three paid-for attractions with combination tickets now available for British Airways i360, SEA LIFE Brighton...

Free cabin upgrades with Cosmos Tours

Thursday, 20 October 2016 14:00

There’s still time for agents to book a Croisieurope river cruise for their customers with a free cabin upgrade on a range of river cruises throughout Europe, when booked with...

Last minute autumn breaks available at Haven

Thursday, 20 October 2016 11:00

Agents can still give their customers a last minute family break this autumn from £99 when booking a Haven holiday between now and November 5.

Skiers urged to head east for best piste costs reveals new report

Thursday, 20 October 2016 08:00

Cash-conscious skiers can avoid the slippery slope of higher prices for their annual downhill trip by heading to ski resorts in Eastern Europe.

Design an anniversary poster for DFDS competition

Wednesday, 19 October 2016 14:00

Ferry operator, DFDS, is putting out a call to professional and amateur artists to create a poster that will be used in their 150th anniversary celebrations this year.

Savings on worldwide adventures with Explore

Wednesday, 19 October 2016 11:00

Explore has launched a new collection of worldwide adventures with a launch offer of up to 10% discount on all new trips booked by November 7.

New route to Seattle makes it one to watch for 2017

Wednesday, 19 October 2016 09:12

Seattle is expected to be one of the fastest growing US destinations for UK travellers next year with a Virgin Atlantic direct non-stop daily flight launching March 2017, new hotel...

Air Transat launches 2017 programme with increased connections across Canada

Tuesday, 18 October 2016 14:04

Air Transat has expanded its programme of flights from the UK to Canada with increased capacity and connections for travel in 2017.

Oceania Cruises reduces single supplement fares

Tuesday, 18 October 2016 14:02

Oceania Cruises has launched a reduced single supplement promotion for solo travellers, with guests offered single supplement fares from 25% on seven itineraries, booked before December 31.

Mall of America welcomes arrival of MythBusters

Tuesday, 18 October 2016 14:00

Running throughout autumn until January 15, 2017, visitors can ignite their curiosity and discover whether they can really huff and puff to blow a house down; if running in the...

Emirates to launch new daily service to Fort Lauderdale

Monday, 17 October 2016 11:00

Emirates has announced that it will launch a daily service between Dubai and Fort Lauderdale-Hollywood International Airport, on December 15, serving the South Florida area, including Fort Lauderdale, Miami and...

New tours in UK & Europe from Back-Roads Touring

Monday, 17 October 2016 08:42

Small group tour specialist Back-Roads Touring has launched its summer 2017 brochure to reveal a unique line up of new itineraries in Switzerland, Scandinavia, the Baltics, France, Iberia and Russia.

Star studded cruise line up from CMV in 2017

Friday, 14 October 2016 10:16

Cruise & Maritime Voyages has announced five star-studded cruises for 2017 following the arrival of its new main brochure.

Non-stop flights to Manchester from SIA

Friday, 14 October 2016 10:11

Singapore Airlines will fly non-stop between Singapore and Manchester from October 30 as part of its northern winter schedule.

All travel businesses need to get serious about true compliance with the ten-year-old global PCI DSS (Payment Card Industry Data Security Standard) because of the introduction of the new EU General Data Protection Regulation (GDPR), which will become pan-European law in March this year and will be enforced in early 2017.

The GDPR fines (the larger of 4% of global annual turnover or 20 million Euros) will not only supersede the PCI DSS fines but, more importantly, the GDPR will enforce public reporting of any PCI DSS breach, potentially forcing business closure. The PR nightmare from such a publication could well outstrip the cost of the GDPR fines.

All sectors of the industry taking credit card payments face-to-face or by internet, phone, fax or email are impacted.

The travel industry has a number of challenges when attempting to comply with PCI DSS. The most challenging environment is that of the hotel reception and the high street travel agent where staff have to multi-task in terms of taking payments by phone, fax, email, mail and face-to-face. Concepts such as a paperless environment to stop an employee writing down a credit card number are just impractical and unworkable. It is therefore important to minimize the exposure of credit card details to staff and have strong security policies forbidding the writing down of credit card details onto paper.

So how can a travel trade business minimize exposure to credit card details? Let’s first look at telephone payments.

It is important not only to keep these details from being written down but also to ensure that they are protected against hackers getting access to this sensitive data. The most cost-effective way to secure phone-based payments is to use a SaaS (Software as a Service) security service that can capture the card details without exposing them to the local machine or network.

Rather than typing card details on their keyboard, employees are presented with the Virtual Keypad (see image). Using their mouse, they click on the rotary keypad to enter each credit card digit. As the digit 0 is initially placed in a random position, it is not possible to correlate any mouse click coordinate to a specific digit.


As the SaaS security service prevents a hacker getting access to any screen images, it is impossible to reverse engineer (reconstruct) the credit card number from the mouse click coordinates. The Virtual Keypad, although accessed locally, actually runs remotely in a highly secured PCI Certified hosted environment.

Here the secured credit card details can either be used to process the payment or stored for subsequent payment. In the latter case a unique identifier with the same first six digits (the BIN representing the issuing bank of the credit card) and the same last four digits is generated; this is commonly referred to as a token. This ‘Token’, which has no value to a hacker, can be returned to your business to process future credit card transactions. Keeping the first six and last four digits is very helpful, as you can ask your customer whether they would like to use, for example, their Barclaycard ending in 1234.

In effect, by ensuring the credit card details are not exposed to the desktop or its local network, it has been possible to de-scope these environments from PCI DSS, negating the significant cost and risk of securing this data locally. This is the same philosophy adopted by most merchants in their brick and mortar businesses and in ecommerce, where they have adopted P2PE (Point to Point Encryption) and Tokenization respectively, again to ensure their businesses are never exposed to credit card details.

This is also possible for email, mail and fax based payments.

For each of these communications that include credit card details, there are PCI certified service providers who can intercept the communication and substitute the card details with tokens. The images or texts are then provided with these tokens, which are out of scope for PCI DSS. When a payment needs to be processed, the token can be used: the hosted PCI service simply swaps the token back for the original credit card number.
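The token format and the substitution step described above, sketched as an added example (not code from this article or from any payment provider). `TokenVault`, `scrub` and the sample email are hypothetical names and constructed data, and forcing tokens to fail the Luhn check is an assumption of this sketch.

```python
import re
import secrets

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum that every valid card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """Stand-in for the hosted PCI service: the only place real card numbers are kept."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan):
        while True:
            middle = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 10))
            token = pan[:6] + middle + pan[-4:]  # keep the BIN and the last four digits
            # Assumption: a token must fail Luhn so it is never mistaken for a valid card number.
            if not luhn_ok(token) and token not in self._pan_by_token:
                self._pan_by_token[token] = pan
                return token

    def detokenize(self, token):
        return self._pan_by_token[token]

def scrub(text, vault):
    """Replace each Luhn-valid card number in text with a token; return (text, tokens)."""
    tokens = []
    def swap(match):
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_ok(digits):
            return match.group()  # e.g. a long booking reference: left untouched
        tokens.append(vault.tokenize(digits))
        return tokens[-1]
    return PAN_RE.sub(swap, text), tokens

# Constructed sample: 4111 1111 1111 1111 is a well-known test card number.
SAMPLE_EMAIL = ("Please charge 4111 1111 1111 1111 for the Brighton break, "
                "booking reference 1234567890123456.")

if __name__ == "__main__":
    vault = TokenVault()
    clean, tokens = scrub(SAMPLE_EMAIL, vault)
    print(clean)
    print("Card ending in", tokens[0][-4:])
```

Only the vault, which would live inside the hosted service, can map a token back to the card number; the scrubbed text is what reaches the agent's desktop.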

The EU GDPR is going to make total compliance with the PCI DSS essential for all travel businesses processing credit card payments by the start of 2017. Travel businesses need to adopt PCI de-scoping strategies that ensure minimal exposure to credit card data, to eliminate the risk of any breach which, from 2017, will have business critical consequences.
