Helping Airports Understand the Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for ensuring protection and security of credit cardholder data. This digest presents the PCI DSS and the impacts that an airport needs to consider when reviewing their credit data retention policies and systems that process credit card payment transactions. Airports today are assuming more responsibility and direct ownership of information systems that accept credit card payments. These payments include parking revenue, concession sales, and other services. Airports are being classified by the PCI as merchants and service providers, depending on the level and types of transactions they are supporting. Because of these classifications, the airport operators are required to undergo PCI DSS audits to ensure that they have the proper protections and systems in place to protect cardholder data. A guide is needed by airports to help them understand the data and network protection responsibilities they must assume when accepting card transactions. The objective of this report is to present an analysis of the PCI DSS, to give an overview of the systems that may be affected, and to present areas for further research and study. The result is an introductory guide for airports as to their responsibilities associated with the commercial PCI DSS.