Since most travel agents accept and process credit card payments for their clients while paying for a holiday or tickets, it is easy for fraud to take place, thus they must adhere to the specific level of PCI compliance. The level is calculated by how many credit card transactions they process within each year.
Figures from ABTA (which stands for the Association of British Travel Agents) show that over £10 million is stolen each year by frauds that occur in the travel industry. Since the implementation of Chip and PIN methods of secure payment, fraudsters have changed their approach to stealing money causing a meteoric rise in the number of card/cardholder not present fraud, this is where the fraudster has acquired the card details and uses them to purchase items (or in this case holidays) using the stolen details without even having the card in his or her hands.
There are a number of different schemes that fraudsters will use to defraud travel agencies, such as cardholder not present fraud, tumbling and swapping where a brute force method of gaining credit card details is applied. Other techniques, can be cancellation fraud where fraudsters will book a holiday then cancel, agent fraud and cardholder present fraud which is essentially when a fraudster has either stolen a credit card and uses it to pay for the holiday, or they have managed to forge a credit card and use that as a replacement.