
Telephone and internet hacking and data theft are becoming major concerns for businesses across industries. Irrespective of size, if your business accepts credit cards as a mode of payment, it immediately exposes itself to the threat of data hacking, theft and breach. The hospitality industry is no different. With the travel industry growing rapidly, hotels and restaurants access and store customers' credit card information and feedback forms as part of their accounts and CRM systems on a daily basis. It has become imperative to protect this guest information and data with the utmost care for privacy. In fact, according to a recent study, hotels and restaurants have accounted for the largest share of credit card breaches. Thus, the hospitality sector has no choice but to comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements to secure itself and protect against data theft and loss.

PCI DSS standards may be overwhelming for smaller hotels and restaurants, but with robust hotel software or a hotel ERP, hoteliers can secure their networks while running at optimal capacity.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that any business accepting credit cards as a payment mode must adhere to. It consists of guidelines and IT requirements that are implemented when configuring IT and payment processing environments.

PCI DSS was established by five of the world’s major card networks: American Express, Visa, Discover, JCB and MasterCard.

Where Do PCI DSS Standards Apply?

PCI DSS standards are a set of international security requirements that govern all areas of sensitive guest payment card data processing such as:

  • Magnetic card stripe
  • Security codes and passwords on all property applications, including Windows
  • PINs produced when a transaction is authorized
  • Physical security of printed reports

Requirements for a PCI DSS Certification

Hotels must meet specific requirements to earn a PCI DSS certification. These requirements include standards for:

  • Network security – firewalls and password configuration
  • Using secure PCI-certified system applications
  • Restrictions on cardholder data access – both electronically and physically

Advantages of PCI DSS to the Hospitality Sector

Data theft could result in a hotel or restaurant being blacklisted, resulting in the loss of thousands of dollars in revenue. PCI DSS benefits a hospitality property in terms of:

  • Better protection of sensitive company & guest data
  • Reduced risk of data theft
  • New revenue opportunities
  • Optimized processes and systems
  • Improved efficiency and brand value

PCI DSS also protects a hotel by requiring strong access control measures, regular monitoring and testing of network security, and a vulnerability management program to deal with breaches.

How to Stay PCI DSS Compliant

Here is a quick list of things to do so that your hotel property becomes PCI DSS compliant:

  • Install and maintain a firewall to protect cardholder data
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Avoid using vendor-supplied default settings for system passwords and other security parameters
  • Encrypt transmission of cardholder data across open and public networks
  • Ensure your anti-virus software is always updated
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security
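The checklist above can be turned into a repeatable self-check. The following is an added example (not from the article, and not a PCI SSC tool): a small Python script that reviews a constructed inventory of property systems for four of the listed items: vendor default credentials, shared logins that break the unique-ID rule, unencrypted transmission of cardholder data, and missing access logging. All system names, account names, passwords and the default-credential list are constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed list of well-known vendor default credentials (placeholder values).
VENDOR_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "root"), ("pms", "pms")}

@dataclass
class PropertySystem:
    """One system in the hotel's cardholder data environment (constructed sample)."""
    name: str
    accounts: dict                                    # login -> password (constructed values)
    shared_logins: set = field(default_factory=set)  # logins used by more than one person
    transport: str = "tls"                            # how card data leaves the system: "tls" or "plain"
    access_logging: bool = True                       # is access to cardholder data recorded?
    handles_card_data: bool = True                    # False = outside the cardholder data environment

def assess(system: PropertySystem) -> list[str]:
    """Return checklist findings for one system (empty list = nothing to fix)."""
    findings = []
    if not system.handles_card_data:
        return findings  # nothing to check outside the cardholder data environment
    for login, password in system.accounts.items():
        if (login, password) in VENDOR_DEFAULTS:
            findings.append(f"{system.name}: vendor default credential on '{login}'")
    for login in sorted(system.shared_logins):
        findings.append(f"{system.name}: shared login '{login}' breaks the unique-ID rule")
    if system.transport != "tls":
        findings.append(f"{system.name}: cardholder data transmitted without encryption")
    if not system.access_logging:
        findings.append(f"{system.name}: access to cardholder data is not logged")
    return findings

def assess_property(systems: list[PropertySystem]) -> dict[str, list[str]]:
    """Assess every system; only systems with findings appear in the report."""
    report = {s.name: assess(s) for s in systems}
    return {name: found for name, found in report.items() if found}

# Constructed sample inventory for a small hotel (names and credentials are placeholders).
SAMPLE_SYSTEMS = [
    PropertySystem("front-desk-pms", {"admin": "admin", "frontdesk": "Winter2024"},
                   shared_logins={"frontdesk"}, transport="plain", access_logging=False),
    PropertySystem("restaurant-pos", {"manager": "T7#pl0mQ"}, transport="tls"),
    PropertySystem("guest-wifi-portal", {"admin": "admin"}, handles_card_data=False),
]

if __name__ == "__main__":
    for name, findings in assess_property(SAMPLE_SYSTEMS).items():
        print(name)
        for f in findings:
            print("  -", f)
```

The guest Wi-Fi portal is skipped because it is outside the cardholder data environment; narrowing the scope this way is itself part of keeping the checklist manageable for a small property.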

If you are an independent hotel, restaurant or resort, the onus really is on you to become PCI DSS compliant and to verify your compliance with each payment card brand. If you are part of a franchise, reach out to your franchisor to see whether they have implemented a PCI compliance program for their franchisees or are offering any guidance.