{"id":121817,"date":"2023-12-04T13:21:32","date_gmt":"2023-12-04T13:21:32","guid":{"rendered":"https:\/\/yourclomid.com\/?p=121817"},"modified":"2023-12-04T13:21:32","modified_gmt":"2023-12-04T13:21:32","slug":"arcs-10-steps-to-prevent-gds-hacking","status":"publish","type":"post","link":"https:\/\/yourclomid.com\/travel\/arcs-10-steps-to-prevent-gds-hacking\/","title":{"rendered":"ARC's 10 steps to prevent GDS hacking"},"content":{"rendered":"

\"Mark<\/p>\n

Q:<\/strong> You have written several Legal Briefs columns on agencies that have received very large debit memos after someone hacked into the GDS over a weekend and issued tickets for immediate departure. The tickets are always issued as cash sales, so the agency ends up owing the cash. I understand that agencies can be exonerated from the debt if they can prove that they were exercising “reasonable care” at the time of the hack. However, ARC takes the position that if an advisor falls for a phishing email and gives out their login, then it follows that the agency was not exercising reasonable care. Has the agency community made any progress in getting ARC to soften its position? Also, is it still just Sabre agencies that have suffered the hacking?<\/em><\/p>\n

A:<\/strong> In late November, ARC published an amendment to the ARC Agent Reporting Agreement on this subject. The amendment becomes effective on Jan. 30.<\/p>\n

I wouldn’t say that ARC has softened its position. Rather, ARC has done a service to the agency community by spelling out exactly what agencies need to do to protect themselves from GDS hacking and exactly what they need to have done in order to be found to have exercised “reasonable care.”<\/p>\n

So according to ARC, reasonable care includes, but is not limited to, the following measures, which I have paraphrased for brevity:<\/p>\n