Should the Hospitality Industry be concerned about PCI DSS?

Internet hacking and data theft are becoming major concerns for businesses across industries. Irrespective of size, if your business accepts credit cards as a mode of payment, it immediately exposes itself to the huge threat of data hacking, theft and breach. The hospitality industry is no different. With the travel industry growing rapidly, hotels and restaurants access and store customers' credit card information and feedback forms as part of their accounts and CRM on a daily basis. It has become imperative to protect this guest information and data with the utmost privacy. In fact, according to a recent study, hotels and restaurants have accounted for the largest number of credit card breaches. Thus, the hospitality sector has no choice but to comply with Payment Card Industry Data Security Standard (PCI DSS) requirements to secure itself and protect against data theft and loss.

PCI DSS standards may be overwhelming for smaller hotels and restaurants, but with robust hotel software or a hotel ERP, hoteliers can secure their networks to run at optimal capacity.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that any business using credit cards as a payment mode must adhere to. It consists of guidelines and IT requirements that can be implemented while configuring IT and payment processing environments.

PCI DSS was established by five of the world’s major card networks: American Express, Visa, Discover, JCB and MasterCard.

Where Do PCI DSS Standards Apply?

PCI DSS standards are a set of international security requirements that govern all areas of sensitive guest payment card data processing such as:

  • Magnetic card stripe
  • Security codes and passwords on all property applications, including Windows
  • PIN that results when a transaction is authorized
  • Physical security of printed reports

Requirements for a PCI DSS Certification

Hotels must meet specific requirements to earn a PCI DSS certification. These requirements include standards for:

  • Network security – firewalls and password configuration
  • Using secure PCI-certified system applications
  • Restrictions on cardholder data access – both electronically and physically

Advantages of PCI DSS to the Hospitality Sector

Data theft could result in a hotel or restaurant being blacklisted, resulting in the loss of thousands of dollars of revenue. PCI DSS benefits a hospitality property in terms of:

  • Better protection of sensitive company & guest data
  • Reduced risk of data theft
  • New revenue opportunities
  • Optimized processes and systems
  • Improved efficiency and brand value

PCI DSS also protects a hotel by providing for strong access control measures, regular monitoring and testing of network security, and a vulnerability management program to deal with breaches.

How to Stay PCI DSS Compliant

Here is a quick list of things to do so that your hotel property becomes PCI DSS compliant:

  • Install and maintain a firewall to protect cardholder data
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Avoid using vendor-supplied default settings for system passwords and other security parameters
  • Encrypt transmission of cardholder data across open and public networks
  • Ensure your anti-virus software is always updated
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security

If you are an independent hotel, restaurant or resort, the onus really is on you to become PCI DSS compliant and to verify your compliance with each payment card brand. If you are part of a franchise, reach out to your franchisor to see whether they have implemented a PCI compliance program for their franchisees or are offering any guidance.


IDS NEXT is one of the largest dedicated Hospitality and Leisure Technology service providers. Our integrated hotel technology solutions cater to every segment of the hospitality sector, be it hotel chains, restaurants, clubs, spas, or cruises. With over 24 years of experience in development, our products are robust, scalable and backed by 24×7 technical support.

Learn more about IDS NEXT. Visit


About hospitalitytechnology

Technology is making greater and greater inroads into our lives. Right from when we wake up in the morning to when we head to sleep – we cannot imagine a life without the gadgets and gizmos that make life easy and interesting. When we travel and stay in hotels, our expectations are no different. We expect all the technological amenities we easily access at home, if not more. The hospitality industry is increasingly accessing technology to wow guests, optimize their use of manpower, control hotel functions in an integrated manner and on the whole reduce costs while increasing efficiency. This blog is meant to track these technological changes happening in the hospitality sector. The growing move towards sophisticated hotel ERP, the growing use of cloud computing, the rapidly changing customer facing devices – smart phones and iPads, the increasing security concerns and more. Expect to find interesting articles, whitepapers, thoughts, and observations. Feel free to comment and even mail us content that you don’t mind posted here. Happy reading!