NB: This is a guest post by Merchant Link, providers of security and support for credit card transaction and payment systems.
Day One: Compliant with PCI? Impact on the hotel industry
The Payment Card Industry (PCI) Security Standards Council is an organization that has come together to develop a set of global requirements for enhancing data security as it applies to credit card payments.
This set of standards is known as PCI Data Security Standard (PCI DSS) and was originally developed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa International.
Yet, despite these security standards, hotels have become the number one target for cyber criminals looking to hijack credit card information.
In fact, a recent study has found that 38% of credit card hacking cases last year came from the hotel industry alone.
We've all seen the news: major hotel brands have reported breaches more and more frequently. Why is this industry being hit so hard?
Because most hotels have inadequate data security in place.
This is where the PCI DSS requirements for security management, policies, procedures, and protective measures come into play. They require that hotels:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks; and
- Maintain an information security policy
In addition, US merchants and vendors are also being held to a new standard as of July 1, 2010.
The Payment Application Data Security Standard (PA-DSS) was created by the PCI Council to ensure software vendors develop secure payment applications that do not store information that could violate PCI rules.
For example, systems should not store full magnetic stripe or PIN data. As of this recent deadline, all payment applications sold in the US are subject to these PA-DSS requirements.
While many merchants are overwhelmed by the requirements of PCI, there is one simple thing that can be done to minimize cost and maintenance: remove the credit card data from their systems.
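A first step toward removing card data is finding out where it is still being kept. The scanner below is an added example (not Merchant Link's code) that checks stored records for the two things the PA-DSS point above forbids retaining: full magnetic-stripe track data and plaintext card numbers. The sample records are constructed, and the card numbers in them are industry-standard test PANs.

```python
import re
from typing import List, Optional, Tuple

# Track 1 looks like %B<PAN>^NAME^YYMM..., Track 2 like ;<PAN>=YYMM...
TRACK1 = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^\d{4}")
TRACK2 = re.compile(r";(\d{13,19})=\d{4}")
# A bare 13-19 digit run is only a PAN candidate; the Luhn check filters noise.
PAN_CANDIDATE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")

# Constructed sample records, as a hotel property system might log them.
SAMPLE_LINES = [
    "2024-03-01 auth ok token=tok_9f3a1c amount=129.00",
    "%B4111111111111111^DOE/JANE^2512101000000000?",
    ";4111111111111111=25121010000000000?",
    "folio 4012888888881881 checkout",
    "reservation id 12345678901234 guest",
]


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(line: str) -> Optional[str]:
    """Label a record as 'track-data', 'pan', or None when nothing prohibited is found."""
    if TRACK1.search(line) or TRACK2.search(line):
        return "track-data"     # full stripe data must never be stored post-authorization
    for m in PAN_CANDIDATE.finditer(line):
        if luhn_ok(m.group(1)):
            return "pan"        # plaintext PAN at rest: must be tokenized, truncated or encrypted
    return None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line number, finding) pairs for every record holding prohibited data."""
    findings = []
    for n, line in enumerate(lines, 1):
        kind = classify(line)
        if kind:
            findings.append((n, kind))
    return findings


if __name__ == "__main__":
    for n, kind in scan(SAMPLE_LINES):
        print(f"line {n}: {kind}")
```

The reservation id on the last sample line is a 14-digit number that fails the Luhn check, so it is correctly left out of the findings.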
- Day One: Compliant with PCI? Impact on the hotel industry
- Day Two: Easy things you can do that cost little or no money
- Day Three: On the horizon... What's next for PCI DSS?
- Day Four: Protecting data at rest and data in motion: tokenization and encryption
- Day Five: Reducing the scope of PCI compliance