PCI DSS Work Group (PDWG)
The PDWG was established by the Joint Passenger Service Conference (JPSC) in October 2009 to investigate the following areas:
- Identify all instances where a card number is transmitted for purposes other than payment in industry messages
- Develop proposals with a view of halting transmissions where a card number is transmitted for purposes other than payment in industry messages
- Identify instances where self-service devices are using a card number as a form of identification (FOID)
- Develop recommendations for self-service devices that are using a card to identify the passenger
- Develop recommendations for self service devices that must support card payment
- Liaise with other industry groups relevant to the development of industry standards, e.g. Reservations Committee, BDISG, Revenue Accounting, Airports Services Committee and the Ticketing Committee
- Create an industry standards implementation plan
Who is part of the PDWG?
The PDWG is open to all ATA/IATA member airlines and members of the IATA Strategic Partnership Programs with a specific interest in this activity.
What are the main topics being addressed by the PDWG?
Subgroups have been set up to concentrate on specific issues:
- Card number as FOID has tabled an agenda item to the Ticketing Committee inviting it to consider amending the PSC standards so that card number as FOID be truncated as per PCI recommendation: 1234 56XX XXXX 7890. The same item will be submitted to the Reservations Committee, the Departure Control Systems Management WG and ultimately to the JPSC (October 2010) for final decision.
- Card number as FOP is studying whether the card number needs to be passed to the interline partner and whether alternative information could be used to provide data for Frequent Flyer Programs.
- CU-PCI (Common Use) is working on standards for airline kiosks and other shared equipment, addressing both card number as FOID or FOP as well as the requirement to support Chip & PIN and other standards for accepting card payment at common use equipments deployed at airport environments).
For more information, please contact the PCI DSS team