Atlas has confirmed its compliance with the latest Payment Card Industry Data Security Standard (PCI DSS) via a Qualified Security Assessor (QSA).
Data breaches and credit card fraud are a major risk in the airline industry. In 2021 alone, airlines lost over €6.5B to fraud, which is equivalent to the global average cost of 24,000 flight tickets with fraud losses amounting to 1.5% of total global airline revenue.
To guarantee security of your transactions, in 2024 Atlas confirmed its alignment with the latest Payment Card Industry Data Security Standard via an independent Qualified Security Assessor (QSA). Atlas has been assessed and validated according to the PCI DSS Requirements and Security Assessment Procedure v.4 across both platforms that we use to handle cardholder data globally – Alibaba Cloud and Google Cloud.
PCI DSS compliance requirements cover various aspects, including network security, data encryption, access controls, and regular monitoring and testing.
PCI DSS is a global standard that provides a baseline of technical and operational requirements designated to protect payment data from unauthorized access, fraud and theft. It helps reduce the risk of data breaches. This standard is developed by the PCI Security Standards Council, a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards.
PCI DSS Version 4
Atlas has been assessed and certified according to the latest available PCI DSS standard version 4, issued in 2022.
Previously, we used Self-Assessment Questionnaires (SAQ) to confirm our compliance with the PCI DSS requirements. The move to the QSA level of assessment required us to implement even more stringent security measures and thoroughly review all our existing systems. This certification confirmed that Atlas operates at the highest level of industry standards both as a service provider – to pass through credit card transactions to other merchants for processing – and as a merchant, to accept payment cards directly.
“We are devoted to providing our customers not just with the best product, but also peace of mind,” says Mary Li, CEO and Founder of Atlas. “As technology evolves, cyber-attacks become more difficult to prevent, too, and Atlas will continue keeping our systems up-to-date and aligned with the highest industry standards.”
You can review our PCI DSS v.4.0 compliance certificate here.
Next steps
Compliance with the PCI DSS standard needs to be confirmed annually, which means that we will regularly review and update our systems to the latest payment industry requirements.
But we are not going to stop here.
Travel and tourism rank third in cyber security incidents according to the Trustwave 2020 Global Security Report. To protect your business and ours, we’ve invested significantly in enhancing our data and cyber security programs.
Atlas is currently undergoing a series of assessments to confirm its alignment with the globally recognized information security standards. At the same time, we enhance our approach to user management both via API and the ATRIP Flight Deck – new features will allow our customers to better manage who has access to their Atlas account at any time, protect it from unauthorized users with improved offboarding guidelines, and offer tools to monitor and audit any potential breaches and incidents.
“Atlas is building the world’s leading LCC distribution platform, and it is not possible without investing in information security. We value our customers’ trust and can’t even imagine putting their data at risk. We are working on some exciting updates in this area, and I can’t wait to share more with you in the coming weeks and months,” says Mary Li.
