Dear Travel Agents:

Understanding that compliance with the PCI DSS framework may be a complicated task for your agency, the Passenger Agency Conference Steering Group (PSG) on behalf of the Conference, has endorsed the following changes to the effectiveness of the PCI DSS requirements under Resolution:

  • The Resolution will still be effective from 1 June 2017 as PCI DSS compliance remains a critical requirement for the Passenger Agency Program. However, it is recognized that the process of becoming compliant with the PCI DSS framework can be complex and lengthy, and therefore compliance with those requirements will not be proactively enforced by IATA at this stage. 
  • All PCI DSS provisions will become effective and proactively enforced from 1 March of 2018. This effective date aligns with the planned implementation date for NewGen ISS here PCI DSS compliance is an integral part of the resolution rules.

Please note that under the NewGen ISS program, you will need to be PCI DSS compliant to have access to credit card as a form of payment. Read the full letter here.

ACTA has created a PCI resource for ACTA members to help you to become PCI compliant, click here to visit the toolkit.