Travel Industry Review - USA,UK, GER, GLO example page - Flipbook - Page 6
The survival of your business
depends on being compliant
By Otto de Vries, Association of Southern African Travel Agents CEO
IT is getting harder, not easier, to work in travel. And in 2018, it
is all coming to a head.
The gentle warnings South Africa’s travel sector received over
the past few years to comply with PCI DSS - Payment Card
Industry Data Security Standard – and PoPI – Protection of
Personal Information Act – have now become red alerts.
The travel industry is working hard to become compliant, but
a recent PCI DSS readiness survey conducted among members
of ASATA indicated that fewer than 40 percent of those polled
admitted they would be compliant by IATA’s March 1 deadline.
The industry recognises that both PCI DSS and PoPI make
business sense. That these are necessary additions to the travel
landscape and are there to protect our customers, our employ-
collecting, handling and storing a customer’s data. ASATA has
urged owners and managers to enroll staff in the association’s
training initiatives as part of the ASATA Professional Programme so that they can assist in essential compliance.
Failure to do so may result in a fine, arrest or, worse, the closure of one’s business.
Whether you are ready or not, PCI DSS and PoPI will be the
new normal in the very near future. ASATA’s role is to help get
all relevant staff on board and to embrace the opportunities
that come with compliance.
Let’s work together to position ourselves even more as consumer-friendly and the champions in protecting our customers
from data breaches and fraud.
“The gentle warnings South
Africa’s travel sector received
over the past few years… have
now become red alerts.”
Otto de Vries, ASATA
ees and travel companies. Compliance further enhances the
unique selling proposition of travel companies; we look after
our customers’ privacy and data because we are compliant and
so you should trust us with your business.
Our very survival depends on our ability to adopt responsible
data protection and privacy practices, in an environment where
fraud – both internal and external – becomes a greater threat
The whole premise behind PCI DSS is to protect card data
from hackers and thieves. Under the new standard, scribbling a
customer’s credit card details on a post-it note would no longer
be acceptable. Collecting, storing, using and discarding data
becomes something that must be done in a secure and safe way.
And it is the same when it comes to PoPI.
ASATA recognises its role in supporting the travel industry to
comply with local and international legal and industry requirements and will be rolling out a series of workshops and webinars tackling the topics of PCI DSS, POPI, data security and
fraud, providing expert advice to help members prepare their
businesses for this new reality. Along with these webinars and
workshops will come resources with tips and frequently asked
questions that can be used as a handy reference by travel firms
re-engineering how they store and use data so that they ensure
100 percent compliance.
The onus to comply rests not only with the owner or manager
of a travel business. It falls on every staff member involved in
6 Travel Industry Review | April/May 2018
Following the news that Hilton is to follow Marriott
International to reduce agency commissions from 10
to seven percent on October 1, the American Society
of Travel Agents expressed disappointment over the
devaluation of the relationship and made a veiled
threat that it intended to defend the role of travel
agents by highlighting suppliers, whose business
practices recognise agents’ value. This was happening, the association said, at a time when consumer
usage of travel agents was on the rise in the US. It
is also to raise concerns over supplier consolidation
with the government.