PCI Compliance and Data Security in Hotels
With the Digital payment methods becoming the norm in the hospitality industry and elsewhere, the hoteliers have to be more proactive in providing safe and secure payment platforms to their guests. In the past few years there have been some unfortunate incidents of data breaches at some hotels and hospitality companies. This has resulted in more emphasis on cybersecurity in the hospitality industry. Also due to PCI DSS compliance, ensuring the highest data security standard isn’t an option anymore but a requirement.
What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is a protocol which contains guidelines for accepting, processing, and storing credit card information. PCI council was established by the leading credit card services in the US such as Visa, MasterCard and American Express. To be able to accept credit card payments a business has to be PCI compliant.
PCI Compliance in Hospitality Industry
The hospitality industry processes millions of dollars’ worth transactions per day, which makes it a target for the data hackers. Hotels use different systems that use or process guest information. The system most vulnerable to data hack attempts is the POS system at the front desk, as it processes the most transactions.
To ensure data security and PCI compliance hotels are required to use only PCI compliant POS and PMS vendors. As most guests also prefer to book hotels online, hotels also need to provide checkout / pages at their websites that are controlled by a licensed service provider.
Also, part of PCI compliance is that the hotel must restrict the access of guest data to the relevant employees only. The hotels are required to provide training to the staff before they can handle the guests’ credit cards and personal data.
PCI compliance is not only about the technical aspect of payment processing, but it also includes storing paper documents securely, shredding the documents etc. Furthermore, hotels tend to have a lot of employees working in close proximity, PCI compliance ensures that only very few employees with proper training and credentials handle sensitive information.
[…Read Complete Article at Advanced Hospitality Technologies Blog…]
