Payment Card Industry Data Security Standard Implemented in Turkey: A Must-Know for Travel Agents

The Payment Card Industry Data Security Standard (PCI DSS) has been introduced in Turkey, a global data security standard designed to protect confidential payment card information. The standard aims to ensure that all travel agencies handling customer credit card transactions comply with its guidelines.

What You Need to Know

• The PCI DSS is a global data security standard designed to protect confidential payment card information.
• All travel agencies handling customer credit card transactions must comply with the PCI DSS requirements.

Implementation Timeline

• As of November 2022, travel agents have started receiving informative warning messages.
• By February 1, 2023, travel agencies that fail to meet the PCI DSS requirements or declare they do not handle customer credit card transactions will be assigned a risk event.
• Travel agents are advised to check their location codes for compatibility with PCI DSS standards by February 2023.

Consequences of Non-Compliance

• Failure to comply or declaring non-regulation of credit card transactions while processing customer credit card payments will result in subsequent warning messages.
• After the third warning, a risk event will be assigned to the agency, which will remain recorded in its risk history for 12 months.

What Travel Agents Can Do

• Refer to the table provided by the Association of Turkish Travel Agencies (TÜRSAB) to learn more about the necessary actions.
• Contact IATA through the customer portal for further inquiries and guidance.

Take Immediate Action

With this new provision, it is essential for all travel agencies in Turkey to take immediate action and ensure compliance with the PCI DSS standard to avoid any potential risks and consequences. By understanding the requirements and timeline for implementation, travel agents can minimize disruptions and maintain customer trust.