The biggest threat to the brand capital of a hospitality business? Not adopting PCI DSS standards.

Two hospitality technology players are concerned that the industry is not applying sufficient urgency to its adoption of PCI DSS payment processing standards. They got together to voice their disquiet.
By: Agilysys (Europe) Limited
 
Jan. 18, 2012 - PRLog -- Nigel Allport of Agilysys and Andrew Brooks of Servebase see too many hotels and hospitality operators paying lip-service to the need to put PCI DSS at the heart of their business.  By operating in a way that is not fully compliant, these operations put their valuable brand capital in jeopardy.  It’s a risk no hospitality business can afford to take.

The duo believes the industry needs to apply more urgency to adopting PCI DSS payment processing standards.  By operating in a way that’s not fully compliant, hospitality operators put their valuable brand capital in jeopardy.  

Security breaches are widespread, with hackers stealing card data to use elsewhere.  This is a boardroom issue, with hotel owners needing to buy into compliance and see it not as an IT issue, but a business issue.  If card data is taken and the situation snowballs, hotels will face fines.  If news gets out, reputational damage and loss of revenue will result. Compared to this, the costs of PCI compliance are insignificant.  

Whether they conduct a few payment processes or millions of transactions a year, all hospitality businesses must be compliant.  Even if data is processed and stored manually, standards need to be adopted.  In a mid-to-large hotel, a myriad of systems accept card data: prepayment bookings, call centres taking bookings with card data, and card data being used to guarantee a booking, where no charge is made unless there’s a no-show.  All these touch-points must be PCI DSS compliant.

Then, once achieved, compliance has to be one of the cornerstones of the business.  Just as a hotel wouldn’t dream of not cleaning rooms each day, so it needs to ensure its PCI DSS processes are being followed daily.  And those processes, once in place, need to be tested and recertified annually by an accredited QSA or via self-assessment, depending upon transaction volume.  

All it needs is for someone unauthorised to be let into an area requiring a security pass or for a guest to send an email containing card data and there’s a problem.  However, if it can be proved that staff followed QSA-agreed procedures, then the establishment is protected in case of a breach.

The hospitality industry needs to have complete focus on security breaches and brand security.  Not only do operators risk fines if there is a security lapse but, more importantly, they risk devaluing their brand by putting customers at risk and, ultimately, losing the ability to take card payments.  PCI DSS compliance protects more than card data; it protects the brand capital of a hospitality business built up over years if not decades, and what’s more important than that?  


Agilysys (Europe) Limited provides specialised IT solutions to the hospitality sector, for hotels, restaurants, casinos, resorts, condominiums, cruise lines, sporting stadia, arenas, conference centres and tourist venues. Visit www.agilysyseurope.com

Servebase is a global, multi-channel payment processing provider, delivering secure card processing covering all payment environments, from single solutions to multi channel combinations of mail order, e-commerce and ‘customer present’ Chip and PIN.  Visit www.servebase.com


The Facts

Does PCI DSS apply to me?
PCI DSS applies to you if you are involved in storing, processing or transmitting any cardholder data. What’s more, the standard doesn’t just apply to storing data electronically; it also covers manual processing and storage. Whether you conduct a few payment processes or millions of transactions every year, you need to operate in a compliant fashion.

What are the requirements?
•   You must not use card and verification details for any purpose other than completing the card transaction.
•   You must not pass card details on to anyone else, except for the purpose of helping them to complete the card transaction, i.e. authorisation and/or settlement.
•   You must not store the card security code (last three digits on signature strip).
•   You are only permitted to keep a separate record of the card number and expiry date if both of these conditions apply:
o   You have the specific agreement of the card holder,
o   You are only going to use this information to help with future transactions, such as recurring payments or new orders if further orders are likely.
•   In short, you shouldn’t store card data if you don’t need to

The standards
It’s important to know the standards, as you may be storing cardholder information (such as receipts from terminals or emails that contain cardholder details) in a way that the standard does not allow. The standard is broken down into these sections:
•   Build and maintain a secure network
•   Protect cardholder data
•   Maintain a vulnerability management programme
•   Regularly monitor and test networks
•   Maintain an information security policy

# # #

Romain Consulting is a UK-based Marketing & Corporate Communications consultancy. Services including PR are delivered by a high-calibre, highly-experienced technology Marketer. Former Marketing Director of global group. Strategy, planning & execution. Full range of Communications & Product Marketing activities are available on a project or retained basis. Specialisms: technology, insurance & financial services, retail. French speaker.
Source: Agilysys (Europe) Limited
Tags: PCI DSS, Servebase, Agilysys, Payment Processing, Payment Security, Hospitality, Hotels, Retail
Industry: Payment processing, Hospitality
Location: Crediton - Devon - England