Alex Fitzpatrick

How PCI-DSS compliance will help our customers

June 29, 2018

In an economy which is increasingly powered by data, securing their data is a priority for all our customers. We’ve made sure that all our products have been upgraded to be PCI-DSS compliant, to protect our customers and help them combat fraudsters.


Fraud in the card and payment industry is costing the airline sector $1Bn per year and rising. The payment industry has   designed security regulations and policies to protect cardholder data, such as PCI DSS.  The travel industry could be considered high risk for fraud due to the sensitive nature of the data transferred within the process of a normal travel booking, including personal and payment details. Consequently, our products needed to be PCI compliant, including adhering to a newer protocol called Transport Layer Security (TSL) 1.2.


Transport Layer Security 1.2. is an encryption protocol that provides communication security and data integrity between two applications that require data to be exchanged over a network. It’s a protocol that is widely used today and is a higher level of security protocol to be in line with PCI-DSS.


In October 2017, Travelport began to incorporate TSL 1.2. in all our products.


All Travelport’s online agency customers had to complete a series of software upgrades to ensure completion of the installation of TSL1.2 encryption.  At the completion of the project on 16 May 2018, 99.9% of Travelport’s more than 68,000 Travel Agent customers operating across 180+ countries, had made the migration to TSL 1.2.  Plans are in place to manage the transfer of the remaining few.


As an industry managing sensitive data, we know it’s imperative to keep technology solutions sustainable and ensure they meet the needs and provide all the products our customers value, from a friendly user experience to compliant card payment processing.


Upgrading to TLS1.2 also enables our customers to successfully pass PCI DSS certification, which is best practice for any business that accepts or handles cards or card data. Additionally, the governing body of airlines IATA, endorsed a resolution, which became effective in 2018, that all IATA Agents would be required to provide proof of PCI DSS compliance to continue to issue tickets on behalf of airlines where a card is used as payment. Travelport partnered with SecurityMetrics, a leading provider of compliance services to provide these services and PCI DSS Certification as simple as possible and at very competitive rates, using a specifically designed self-service tool.