MATTA Urges IATA Accredited Travel Agencies To Become PCI DSS Compliance

KUALA LUMPUR, 23 November 2017: The Malaysian Association of Tour and Travel Agents (MATTA) is advising IATA accredited travel agencies to comply with the Payment Card Industry Data Security Standard (PCI DSS) as required by the International Air Transport Association (IATA) to protect customers’ confidential payment card information against cyber theft.

MATTA Vice President of Air Transportation, Prathaban Narayanan said, “customers’ payment card information that is being processed is of a very sensitive nature. Agents need to treat such sensitive information with high priority to ensure the security of their customers’ data.”

“Global payment brands like VISA, MASTERCARD, AMERICAN EXPRESS are making PCI DSS the de facto and mandatory standard that is applicable across all payment card operators, from banks, payment gateways, service providers and merchants, which include travel agents, to ensure that data security exists within the entire payment ecosystem.”

“PCI DSS is a global initiative. All financial institutions are required to achieve the compliance and cascade the same requirements to all merchants within their network.”
“Agents, especially IATA Accredited Travel Agencies are required to become PCI DSS compliant.”

“IATA recognises the importance of sensitive data protection, thus advocating compliance at a global level. The implementation and conformity towards PCI DSS will help to ensure that all IATA registered agents are following best practices to protect their data – in turn giving good security assurance to their customers.

“Agents are not required to spend RM 4,000 to RM 10,000 to attend any courses to obtain a ‘license’ to operate by using PCI DSS. The PCI DSS is a free and open standard. It is published and maintained by the PCI Security Standard Council and is available for free via online download. There is no ‘licensing’ required for usage as the standard is to be used as a guideline for credit card merchants.”

“The PCI DSS is designed to be applicable across organisations of various sizes where potential data theft, fraud and cyber-attacks might occur. Based on statistics, card processing parties that face the highest card data loss and fraud are smaller business operators and merchants. Bank Negara Malaysia has been issuing memorandums to remind banks to maintain PCI DSS compliance to avoid these risks,” he added.

MATTA is actively conducting nationwide PCI DSS briefings and awareness workshops for its Members to help prepare them for the implementation of IATA’s new system called the NewGen ISS (IATA Settlement System) which will replace the current BSP (Billing and Settlement Plan). The impending release of IATA’s replacement of the BSP system scheduled for 1 March 2018 is built to accommodate all ticketing agents.


Vice President Air Transportation, MATTA
Term 2017 - 2019