18th August 2023
It is imperative for travel companies to be trusted by travel shoppers, and one critical facet is protecting customer data and at the same time being responsive to the dynamic nature of payments.
For travel e-commerce companies, as they gear up new developments in the payment data security arena, they have to make transition to PCI DSS v4.0. This is important considering the fact that card transactions must abide by the Payment Card Industry Data Security Standards (PCI DSS) framework and maintain PCI DSS compliance. Convenience and choice are fine, but security when it comes to payments in a must.
The new version, PCI DSS v4.0, replaces a previous version (PCI DSS v3.2.1) which is also valid, but only until 31 March 2024. Under scrutiny is anything related to storing, processing, or transmission of cardholder data as well as sensitive authentication data. Changes in in PCI DSS v4.0 include updated firewall terminology to network security controls to support a broader range of technologies, multi-factor authentication (MFA) for all access into the cardholder data environment, new e-commerce and phishing requirements to address ongoing threats etc.
PCI DSS features technical and operational requirements devised to shield card data. It affects all the organisations involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers.
Companies are being advised to identify potential weaknesses in their security strategy and compliance initiatives.
The principle PCI DSS requirements:
- Build and maintain a secure network and systems
- Protect account data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
How is the preparation coming along?
Hear from specialists at the upcoming #ATPSAPAC in Bangkok (22-23 August):
By Ritesh Gupta, Ai Events
