Credit Card Security:Primer on PCI Compliance
By Bob Carr Chairman & CEO, Heartland Payment Systems | August 06, 2010
If you're not properly securing your guests' sensitive credit and debit card account information, your hotel may be a prime target for the many cyber-criminals who are searching for this valuable data. Data breaches are occurring at an alarming rate as hackers become increasingly sophisticated, constantly finding new and different ways to penetrate electronic systems. Help keep your hotel... and guests... secure by understanding the threats to card data security, the requirements for Payment Card Industry (PCI) compliance and how to meet them.
Threats to Card Data Security
Cardholder data is a major point of vulnerability. Whenever a guest provides a credit or debit card to pay a room balance or for any of your other services, the cardholder's name, card number, card expiration date and security codes may be at risk as they travel from your system, to and through your processor's network. Hotels are particularly vulnerable to data security breaches due to use of point-of-sale (POS) systems, shared systems among chains, wireless networks and the high volume of card-based payments.
If your hotel's data is compromised, private information - stored in your property management or other systems - may be illegally accessed and could lead to theft of card data and other sensitive information, fraud and financial loss. You could face forensic investigations, damage to your reputation, the loss of loyal guests - and stiff fines from the card brands, ranging from tens of thousands to hundreds of thousands of dollars.
As a safeguard, the card brands - Visa®, MasterCard®, American Express® and Discover® Network - developed the PCI Data Security Standards (DSS) in December 2004. These are technical and operational requirements designed to protect cardholder data. Every hotel that accepts card payments - and stores, processes or transmits payment card data - must meet the PCI DSS.
Requirements of PCI Compliance