The Council manages an industry protocol referred to as the PCI Data Security Standard (DSS), a common set of industry tools and measurements to help ensure the safe handling of sensitive credit card data and the protection of cardholder information. In general terms, any entity which stores, processes, or transmits cardholder data (specifically the primary account number) must comply with the PCI DSS.

Even if an entity does not operate an online booking web site (which must comply with the PCI DSS despite already having an SSL secure certificate and web site "padlock"), so long as an entity uses the Internet to connect to a GDS, a travel supplier agent booking portal, a payment portal for online processing of agency service charges, a settlement system for airline ticket sales or travel sales transactions, a web-based storage or back-up facility for back-office accounting or customer profile data, or any other Internet-facing portal or application (including standard e-mail) used in the transmission of credit card data and cardholder information, the entity must comply with the PCI DSS.

The non-profit RSPA (Retail Solutions Providers Association) produced a brief video which explains what PCI Compliance means and the security risks many small retailers are facing. The video showcases a small retail merchant who experienced a security breach and details the challenges it faced due to a compromise of its internal systems. While the video shows one example of a security breach (a point of sale card swipe terminal), credit card data input directly via the Internet, including through a GDS, back-office system, supplier web site, etc., is equally vulnerable for theft. View an excerpt from the RSPA video by clicking on the YouTube screen below.

While individual credit card companies have had security and account protection standards for quite some time, a collective effort using joint PCI DSS compliance is now in force and will make it easier for all travel merchants to comply more efficiently and effectively. Travel agencies may have noticed recent changes to GDS login and password management to be more PCI compliant.

IATA member airlines, at their Passenger Agency Conference in Geneva in June 2007, agreed to require agencies to be PCI compliant in order to satisfy IATA resolutions and accreditation requirements.

The Airlines Reporting Corporation (ARC), effective 12 November 2007, amended the ARC Agent Reporting Agreement and the ARC CTD Reporting Agreement to require U.S. travel agencies and corporate travel departments which are ARC-accredited to comply with PCI data protection standards. A summary of ARC's changes to the Agreements, including those amendments regarding PCI, are available on the ARC web site.

At the same time, credit card companies are aggressively pursuing new and existing travel retailer merchants, including travel agencies, to prove PCI compliance in order to maintain credit card processing tools and facilities.

ATC has entered into an agreement with Trustwave (www.trustwave.com) to provide a variety of services to assist travel agencies, airlines, and other travel services merchants in complying with the PCI DSS. Trustwave is a leading provider of data security and compliance management solutions to more than 30,000 organizations throughout the world including banks, merchants, service providers and software developers. ATC is pleased to have partnered with Trustwave to help travel industry retailers comply with PCI at an attractive, affordable rate.

To help travel agencies and other travel service providers understand the PCI compliance requirements and to assist with the implementation of the tools necessary to achieve cost-effective compliance, the Airline Training Council (ATC), along with a coalition of travel agency and travel technology organizations including ARTA, ARTA Canada, TravelSoft, WebCanada, and others, offer a five-prong initiative to provide:

• PCI Webinars and Self-Paced PCI Web Learning
• PCI Compliance Automated Self-Assessment Questionnaire
• PCI Compliance Automated Network Scanning
• PCI Compliance Remediation and Help Desk Service
• Seal of Approval for Compliant Travel Service Merchants

PCI Webinars
The PCI Webinar is a two hour web-based training program designed for travel agents, travel merchants, travel service providers, travel suppliers or any other entity in the travel industry which stores, processes, or transmits cardholder data. The PCI Webinar Program is interactive, conducted by an experienced trainer, and provided in English only (néamoins, des questions en français sont encouragées). Topics to be discussed during the webinar include:

Self-Paced PCI Web Learning Version (PC Users Only)
For persons unable to attend the PCI Webinar, a pre-recorded, condensed version of the PCI Webinar is also available and can be played only on a PC. While the self-paced program is not-interactive, all key concepts of the PCI Webinar are included and viewers can play, replay, and listen to the trainer's presentation at their own pace. It should be noted that this self-paced program is for PC users only and is copy-protected and can be viewed/played an unlimited number of times, but only on the PC where it is first opened and viewed. It cannot be redistributed to other parties. Please consider the copy-protection restriction carefully before ordering. Please allow up to 48 hours for electronic delivery processing of your order for the self-paced version of the PCI Webinar.

Tuition for the PCI Webinar
Tuition for the PCI Webinar, which permits an unlimited number of participants in a single office location, is USD 150.00 for U.S. and International participants or CAD 150.00 (plus applicable Canadian taxes) for Canadian participants. Given the nature of this training program, and to keep log-in costs down, it is recommended that attendees call from a conference room where facilities are in place for a group of agents to share a single connected PC and speakerphone. Multiple log-ins from different PCs and dial-ins from more than one telephone line require separate tuition payment. A discount of USD 30.00/CAD 30.00 is offered to ARTA and ARTA Canada members provided that registration occurs prior to the enrollment deadline indicated below. Tuition must be paid online using ATC's secure web payment system, and only VISA and MasterCard are accepted. We regret that the American Express card is not accepted. Enrollment for this program is expected to be extremely high. Please register early to assure acceptance into the session of your choice.

Tuition for the Self-Paced PCI Web Learning Version
Tuition for the Self-Paced PCI Webinar Learning Version is USD 135.00 for U.S. and International viewers or CAD 135.00 (plus applicable Canadian taxes) for Canadian viewers. A discount of USD 15.00/CAD 15.00 is offered to ARTA and ARTA Canada members. It should be noted that this self-paced program is for PC users only and is copy-protected and can be viewed/played an unlimited number of times, but only on the PC where it is first opened and viewed. It cannot be redistributed to other parties. Please consider the copy-protection restriction carefully before ordering. Please allow up to 24 hours for electronic delivery processing of your order for the self-paced version of the PCI Webinar. Tuition must be paid online using ATC's secure web payment system, and only VISA and MasterCard are accepted. We regret that the American Express card is not accepted.

Webinar Sessions
The PCI Webinar is two hours long in its entirety. Each session below is the entire program, not a series of sessions which continue from a previous session. Registration for the session of your choice below is the full program, repeated identically on each date.

*Registration after the enrollment deadline indicated above is subject to a late registration fee of USD 30.00 or CAD 30.00 (plus applicable Canadian taxes). Please register on-time. Space is extremely limited.

Online Webinar Requirements
The PCI Webinar is an online web-based seminar. Participants will be required to have access to an Internet-connected PC and a regular telephone (U.S. long distance charges apply). For participants in Canada, ATC recommends using a $1.00 Looney Call at www.looneycall.ca to keep long distance charges minimal. Technical requirements include:

»» Minimum technical requirements to attend the webinar using a PC:

. Required: Internet Explorer 5.0 or later, Netscape Navigator 6.0 or later or Mozilla Firefox 1.0 or later

. Required: Windows 2000, XP Home, XP Pro or 2003 Server, or Vista

. Required: Stable 56k, cable modem, ISDN, DSL or better Internet connection

. Recommended: Minimum of Pentium 400 with 256 MB of RAM

. Recommended: Java Virtual Machine enabled

»» Minimum technical requirements to attend the webinar using a Mac:

. Required: Mac OS X 10.3.9 (Panther) or newer

. Required: Safari 1.3 or newer, Firefox 1.5 or newer on PowerPC G3/G4/G5 or Firefox 1.5.0.2 or newer on Intel (JavaScript and Java enabled)

. Required: Stable 56 k, cable modem, ISDN, DSL or better Internet connection

. Required: Power PC G3/G4/G5 or Intel processor (G4 450 MHz with 256 MB of RAM)

This is an interactive session between participants and the webinar leader. Please register early to assure confirmation in the session of your choice.

Webinar Leader - Bruce Bishins, CTC
One of the most accomplished technical trainers in the travel industry, Bruce Bishins has been a respected and well-known consultant to travel agencies for over 30 years. He has held positions at Air Canada, Swissair, Air France, and Austrian Airlines, and was Manager-Travel Industry Training at Trans World Airlines for nearly eight years. He developed and implemented the travel agency training program for PARS. In 1978, he was appointed by a joint airline task force to the position of Manager-Procedures Training for the Air Traffic Conference (the predecessor to the ARC Area Settlement Plan in the U.S.). In 1981, he joined the Airline Training Council as Executive Director. In 1991, while still at ATC, he was contracted by the International Air Transport Association to provide technical support and training for travel agents and air carriers participating in the IATA Billing and Settlement Plan (BSP). He is a well-recognized industry expert in travel distribution, travel e-commerce, and travel payment and settlement systems.

How to Enroll
Please complete the above Online Enrollment Form with all requested information. Tuition fees include only the cost of instruction and training materials. Conference call long distance charges are at the participants' own expense. Please enroll early to assure participation in the session of your choice and to avoid a USD 30.00 or CAD 30.00 late fee if enrolling after the published deadline.

Cancellations/Changes to Sessions
Tuition fees are non-refundable. Please consider carefully your intention to attend prior to enrollment. To discourage changes, a change fee of USD 30.00 or CAD 30.00 (plus applicable Canadian taxes) will be levied for changes to session dates after enrollment.

Session Confirmations
Approximately one week prior to the webinar session requested, a confirmation will be e-mailed to all enrolled and confirmed participants. If for any reason a participant has not received a confirmation at least one week prior to the webinar date, it will be the full responsibility of the participant to contact ATC by sending an e-mail by clicking here or calling ATC at 416-920-3242 immediately. As such, non-receipt of e-mail confirmation is not a valid reason for failure to attend.