Remember to PCI DSS Compliant

PCI DSS Compliance is on everyone’s lips at the moment.  In a nutshell, PCI DSS is a method to securely store and use your clients’ credit card information thereby reducing any potential risk.

It is vital that the credit card information is stored in such a way that minimal access is granted. However, it doesn’t stop there. PCI DSS is also about protecting your documents by making sure your computer’s passwords are strong.

What you can do to try and reduce the risk:

• Do not store credit card dataNot on emails or physically written anywhere
  • If you do need to store credit card details, use a PCI DSS compliant app called Vault Keeper
• Maintain Anti-Virus Software
  • Install Firewalls
  • Do regular scans
  • Update your Anti-Virus and Malware software on a regular basis
• Have strong access measures in place
  • Don’t share your login / password information
  • Make sure your passwords have at least 7+  characters and are made up of both numbers and symbols
  • Change your password every 90 days

The threat of fraud is real

Fraud is rife within the Travel Industry worldwide. Unfortunately, it seems that South Africa, in particular, has become a likely target for shady transactions.

It’s crucial that we are aware of potential threats at all times with most of us being inundated with “spam” emails on a daily basis. It’s no longer true that only Gmail or yahoo accounts should be treated as suspicious; we need to start looking closer to home.

Would consider a referral from a long-standing client of 20 + years as safe?

Do not be fooled, trust no one and remember that it’s business, not personal!

Read the story below   ………………….

I have a wonderful, loyal client who has booked with me for over 25 years.  She referred her beautician to me, who she has known for over 20 years, so this was a good and solid referral. 

The booking was for a group of four young dancers, partially sponsored, including flights and land arrangements to Orlando for December / January. 

The client paid me by EFT and I, in turn, used my credit card to issue the tickets as I couldn’t rebook and didn’t want to lose the seats and/or same fare. Because I was in receipt of the EFT, I was not in a panic, especially as the referral was from a trustworthy source.

Forty-eight hours later the money had still not cleared in my account.  When questioned, the client blamed the bank. After a few days of chasing, the truth emerged.  The client had in fact done an EFT for R0.01 cent and amended the POP accordingly.

The lessons I have taken from this:

1. When you get an EFT, check your bank daily and don’t send the e-tickets to the client until the actual payment is made. I have a great relationship with my bank and have a business banker whom I email regularly. He made contact with the client’s bank so we could get to the bottom of the problem quicker.
2. Know how to manage the risk of every booking no matter what the relationship is or how long you have known the person (or how long they have known someone). 

I would like to add that the staff and management of eTravel were incredibly caring and supportive. I never felt like I was in this nightmare alone!  

“This story is not an isolated case. Just remember the Carte Blanche episode in April, which showcased another instance of fraud where a so-called travel agency took people’s money and never paid suppliers,” says eTravel Finance Director Shaun Stober.

Stober reminds us that legally, it’s important to keep in mind that “money is paid for a specific reason and payments are made for a specific purpose”. Any payment needs to be tracked and controlled keeping this in mind.  Anything else is mismanaging the funds.

Stober explains this is what makes the eTravel administration process the right process. He says: “Our process clearly stipulates that payment for different things need to be made separately. Even Facility Fee invoices need to be paid separately as these fees are being invoiced separately.”