Contact Us My ARC
Participation
Products
Communications
Training
Support
About ARC
Participation Products Communications Training Support About ARC
Data Products
Travel Agencies Agency BI Aria Memo Analyzer for Agencies Custom Reports View All
Airlines Airline BI Custom Reports Direct Data Solutions Memo Analyzer for Airlines View All
Corporate Travel Programs Air Program Monitor Corporate BI View All
Other Data Users Custom Reports Financial Industry Reports Global Agency Pro Market Locator View All
Distribution
New Distribution Capability (NDC) Settlement Document Retrieval Service (DRS) Interactive Agent Reporting (IAR) Internet Sales Summary (ISS) Memo Manager
Payment
Travel Agency Service Fee (TASF)
Business Services
AeroGram ARC's IRS 1099 Processing Service Printables Collection Revenue Recovery Service (RRS) View All
Travel Agencies ARC Agency Accreditation Become an ARC-Accredited Agent ARC Verified Travel Consultant Program Become an ARC Verified Travel Consultant
Airlines ARC's Settlement Services for Airlines Become an ARC Participating Airline Participating Airline Application Request Current ARC Participating Airlines
Corporations Corporate Travel Department Program Become an ARC Corporate Travel Department Corporate Travel Department FAQs
Distribution: Evolved
Learn More participation
The Latest Newsroom Blog On-Demand Webinars Case Studies Customer Success Stories Events
Agency Communications Agent Newsletter Airline Participation Announcements Fraud Alerts Travel Agent Communications (TAC)
Airline Communications Airline Newsletter Airline Participation Announcements Fraud Alerts
Working Groups Debit Memo Working Group (DMWG) ARC Payments Forum
Travel Agencies Agent Custom Training ARC Online Training ARC Specialist Training & Certification Self-Paced Training Knowledge Center
Airlines ARC 101 Agency Life Cycle Reporting & Settlement
On-Demand Webinars
Build your knowledge of ARC and the travel industry.
View All
training
ARC Resources
2019 ARC Agency Fees 2019 Holiday Schedule 2019 Processing Schedule Airline Ticket Matrix Airline Ancillary Matrix ARC Check Document Retrieval Service (DRS) Exception Transactions UAT Access
Agency Resources
Agent Reporting Agreement (ARA) Industry Agents' Handbook (IAH) Forms Catalog - Accreditation ARC Accreditation Mark GDS Contact Information
Airline Resources
Credit Card Acceptance Chart Information on Agency Accreditation for Airlines Airline Participation FAQs Agency Locator Participating Airlines Re-designation form for Airlines


Fraud Prevention Resources
Best Practices Convictions Digitally Altered Images Fraud Prevention Fraud Prevention On-Demand Webinars Free Internet Tools Partners in Fraud Prevention Schemes
Who We Are
Our Story About the Brand Leadership & Governance
What We Do
Settlement Services Airline Sales Statistics Our Data Our Technology
Join Us
Careers Benefits & Perks Our Culture
Get Help
Contact Us

PCI Data Security Standards

PCI Data Security Standards

A little about PCI

PCI ImageAmerican Express®, Discover Financial Services®, JCB®, MasterCard Worldwide®, and Visa International®, were founding members of the Payment Card Industry (PCI) Security Standards Council with the mission to enhance payment account security by fostering broad adoption of the PCI Data Security Standard for merchants and processors handling sensitive credit card information.

Compliance and validation requirements for PCI DSS vary according to the number of transactions handled by the merchant or merchant service provider. Generally, there are four levels defined, with level 1 having the highest, and level 4 the least number of transactions. Common to all four levels is the understanding that you store, process, or transmit credit card data.

PCI and ARC

ARC, as both a merchant and the processor on behalf of many merchants, is regarded as a top level processor handling enormous volumes of credit card data and is thus subject to strict requirements which are being met. In fact, ARC was very pleased to be the first level 1 entity in the travel industry to be PCI Compliant, and we actively participate in the PCI Security Standards Council (see https://www.visa.com/splisting/). ARC is a resource available to assist other entities in the industry to become similarly compliant.

PCI and the ARC Agent - What, if any, action is recommended?

If you have your own agreement with a bank card processor or an acquiring bank, you should contact your merchant representative to confirm your merchant level and recommended compliance validation requirements (Self assessment questionnaire and/or quarterly scanning).

If you are an ARC accredited agent and do not have your own credit card merchant agreement(s), you should still be exercising caution with respect to your handling of your customers' credit card information, e.g., where you record it, how you store it, etc. This means treating your clients' credit card data in a secure and confidential manner. Moreover, in this age of increasing office automation, securing your computer equipment against electronic intrusion is just as important as locking up information on paper.

ARC strongly recommends that you make use of tools available such as the option that permits you to mask credit card account numbers when using ARC Document Retrieval Service. As a helpful reference, please note the PCI DSS group of 12 principles appearing in the FAQ linked below.

We all share a common interest to keep our customers' private information secure. ARC has invested in keeping the credit card data secure in our systems and will be happy to assist you with any further questions or concerns with the resources below. Should you have any questions after reviewing the additional documentation available to you, please contact ARC's Customer Care Center at [email protected].

  • Q&A (prepared by ARC) on PCI DSS
  • Self assessment link
  • ARC is committed to provide help to you in this very important area. Additional information and guidance will be posted here to make it easier to complete the self assessment questionnaire and quarterly scanning solutions.