Main IATA navigation

Payment Card Industry Data Security Standards (PCI DSS)

PCI DSS were developed by the Payment Card Industry Security Standards Council. They provide common data security standards on a global basis to protect confidential payment card information against theft.

Compliance to PCI DSS is mandated by the International Card Payment Schemes. But it is also a sound business practice. It protects your clients, avoids card fraud, secures your business reputation and removes the risk of fines and fees due to non-compliance in the event of a compromise.

What IATA does about PCI DSS compliance

Airlines have demanded that IATA support their own internal compliance project by making the BSP card sales channel PCI DSS compliant. The project also includes making compliant the industry communication channels. In addition, IATA addresses issues where card number is used as FOID (Form of Identification) or as FOP (Form of Payment), and develops recommendations for self-service devices (airline kiosks deployed at airports and other locations) that are using card numbers as FOID or support card payments.

In addition, IATA demands that all its service providers maintain at all times a PCI DSS compliant status, and supply every year a valid PCI DSS compliance certificate.

How airlines and Travel Agents can become PCI DSS compliant

You will find all relevant information about PCI DSS on the following websites:


Need Help?

Contact us

Our mission is to represent, lead and serve the airline industry

Additional information