PCI DSS Compliance Guide
We confirm that the GOL IBE is PCI DSS compliant. For your reference, feel free to download GOL IBE’s PCI Executive Report and SAQ. There are, however, three things that we need to solve with you (sorry for the lengthy explanation, but it is necessary):
1. Legacy carrier online payments
If you are one of the few users of the online payment method that uses the Travelport+ PNR for processing the credit card, we switch this option off to meet IATA requirements, as this payment option is not PCI DSS compliant for GOL IBE. A PCI DSS compliant online payment option available for your market is PayPal, including CC payments within PayPal.
If you already use another payment gateway integrated with GOL IBE and if it's PCI DSS compliant, it remains activated.
If you wish to use any other payment gateway that is popular in your market, please get in touch with the provider and send us their API documentation. Our programmers will evaluate the development.
2. Travelfusion (LCC air content)
As you might have read in our recent newsletter, Travelfusion will no longer be able to process payments for low-cost carrier bookings through their gateway. The two major reasons are: Travelfusion's payment gateway currently does not offer sufficient anti-fraud protection, and Travelfusion no longer allows their gateway to be used for B2C to avoid fraudulent payments. To help you continue selling LCCs, we’ve prepared a new payment model where you don't need to have your own license with Travelfusion and your customers pay through the GOL IBE payment gateway directly to you. We will require a deposit from you which we will use to pay for bookings to Travelfusion (your customers will be allowed to book up to the amount of your deposit). And you can define your own mark-up. It is pretty simple:
Payment flow: the passenger pays the price of the booking to the travel agency; the travel agency pays a deposit to CEE Travel Systems; CEE Travel Systems pays the price of the booking to Travelfusion.
For this new model to work:
You need to use a payment gateway in GOL IBE so that passengers can pay you for Travelfusion bookings.
You pay us a deposit that we set up in the GOL IBE back-office. Your customers can book tickets up to the amount of this deposit. The deposit is defined in EUR based on your current Travelfusion production (the reason for EUR is that our payment relationship with Travelfusion is also in EUR).
Again, you can now set up your own service fee for Travelfusion bookings as well.
GOL IBE will add our mark-up of EUR 3 (per ticketed PNR) to the price of booking. Your customers will pay the total price, and we deduct this fee from the GOL IBE annual deposit that you already pay to us and from which we already deduct the fee for ticketed Travelport+ PNRs.
In the meantime, we have deactivated Travelfusion for your GOL IBE so that it can be considered PCI DSS compliant.
3. GTA (hotels)
The payment flow for GTA hotels also needs to be changed.
Right now, your customers who book GTA hotels pay directly through GTA's own payment gateway. You need to switch to the deposit model with GTA, where passengers pay you instead of GTA, and GTA deducts these payments from the deposit that you pay to them.
In the meantime, we have deactivated GTA for your GOL IBE so that it can be considered PCI DSS compliant.
1. Please consider the above and confirm at firstname.lastname@example.org whether you wish to continue with Travelfusion and GTA.
2. Please also confirm whether PayPal or another online payment option should be enabled for your GOL IBE.
Any questions, just let us know at email@example.com.
Thank you for your kind cooperation.