SITA First To Achieve PCI Security Compliance For Passenger Processing

ATLANTA – January 18, 2012 – In what is a first for the airport industry, IT solution specialist SITA today announced that it has achieved Payment Card Industry Data Security Standard (PCI DSS) certification as a service provider of its common-use platform AirportConnect Open. This confirms SITA as the world’s first, and only, service provider of a common-use passenger processing system and managed services, to be listed as capable of meeting the global security requirements of the payment card industry.

PCI DSS is the security standard developed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. to provide fraud protection to their cardholders. Any organization that processes, stores or transmits cardholder data is required to comply with these security standards. To achieve compliance, a service provider must go through a thorough annual assessment.

Ilya Gutlin, SITA Vice-President for Airport Services, said: “SITA is meeting the increasing requirements of the air transport community as it brings common-use passenger processing environments to a more efficient and secure level. It is another milestone in our long history of community leadership as we continue to partner with airports and airlines to meet the evolving needs for common-use systems. SITA is now the first, and only, service provider to receive certification to the PCI DSS for a common-use platform, and be recognized by Visa as a PCI Compliant Service Provider.”

Airlines are offering more and more services that require payment from passengers at the airport including baggage fees, same-day upgrades, priority seating and lounge access. Wherever a card is swiped – at an agent’s desk or at a self-service kiosk – they must ensure that this action is in line with the payment card industry’s security standards and that their system suppliers are PCI Compliant.

Gutlin added: “Airports are ultimately responsible for their annual PCI compliance assessment across all areas and so they will need to add PCI compliancy as a required specification for all future system installations. But knowing part of the environment, namely their passenger processing provided and managed by SITA, is already compliant will make the airport's PCI assessment easier.”

Aleks Popovich, Senior Vice President of Industry Distribution and Financial Services at IATA, said: “IATA is working closely with its member airlines to support PCI DSS compliance in industry distribution channels, such as the Billing and Settlement Plan (BSP) and other shared infrastructure.

“Compliance to PCI DSS is mandated by the international card payment schemes but it is also sound business practice. It protects clients, avoids card fraud, and lowers the risk of fines and fees.”

SITA places the highest of priorities on maintaining the appropriate levels of security and data protection throughout its operations. SITA has an enterprise-level PCI Compliance initiative to address the company’s compliance obligations, and has staff fully trained in the adherence of PCI DSS. The organization is involved in the evolution of the PCI security standards through its membership of the PCI Standards Security Council (SSC) and a variety of air transport industry working groups, including IATA and Airports Council International.

SITA’s AirportConnect Open is used by more than 300 airlines to process millions of passengers every day in more than 400 airports around the world. It is a proven, stable platform that continues to meet evolving technology advancements and standards. SITA is now the only service provider of a fully-integrated common-use platform and managed services, supporting workstations and CUSS kiosk applications that is compliant with the latest security standard PCI DSS Version 2.0.