By Jeff Sefton

During the hotel property management software evaluation process you should be asking the PMS vendor if the system you are considering is Payment Card Industry, Data Security Standard compliant.

It is the hotelier’s responsibility to protect their customers’ personal information including credit card numbers. Since hotels accept payments from guests and deposits for reservations, and process and store this information in their Property Management System and On-line Booking Engine, it is necessary that the Hotel management understands the importance of payment card industry compliance (PCI) and what it means.

Your Hotel does not want to be in the position of having a system breach where your customers have their personal information exposed. This sort of situation has the potential to lead to a public relations nightmare for your business. Making sure that your Property Management System Vendor is in compliance with the Payment Card Industry standards helps reduce risk to your customers and your business.

However, it’s also important to understand that using a compliant PMS does not eliminate the possibility of a system breach – Using a PCI compliant vendor is just one of the steps you need to take to reduce risk to your customers and your business.

Image Credit: Purple Slog

Back to Main Blog

One of the risks is brand damage – a data breach will likely have a negative impact on your property’s reputation and erode the confidence of your customer base. This can obviously effect revenue and profits over the long term.

The most notable risk is the direct financial penalty. Each credit card company has its own set of fines and penalties – each of which is designed to be very costly to your business.

In addition to the risk of direct fines from credit card brands like Visa, there is also the possibility of receiving financial levies from payment processors or merchant banks – these organization can also be fined by card associations and have the authority to pass fines along to individual hotels that are deemed responsible for any data breaches that occur.

What is the Cost?

Some figures are astounding – Visa fines can be as high as $100,000 per month and up to $500,000 per data breach. The total cost of correcting a credit card data security breach is estimated to be between $90-$300 per card.

In the most severe cases, security infractions can result in your hotel having its ability to process credit card payments completely revoked or lead to law suits from the various affected parties.

For a different perspective on PCI and some of the risks associated with non-compliance, check out this short video (12 min). The video focuses more on the retail sector and POS systems but the information is very relevant to hoteliers.

BACK TO MAIN BLOG

There is no shortage of information regarding Payment Card Industry (PCI) data security standards – so much, in fact, that it can become pretty confusing. For the purpose of this post, let’s focus on how PCI applies to different organizations.

The 4 PCI Merchant Levels

First and foremost, it’s important to understand that PCI Compliance is required by any organization that stores, processes or transmits credit card data. In the case of the hospitality sector it affects the largest chain hotels right down to the smallest independent B&B’s.

Level 1

• Over 6 million credit card transactions per year
• Requirement: annual on-site audit + quarterly network scans

Level 2

• 150,000 to 6 million credit card transactions per year
• Requirement: annual self-assessment + quarterly network scans

Level 3

• 20,000 to 1 million credit card transactions per year
• Requirement: annual self-assessment + quarterly network scans

Level 4

• Less than 20,000 credit card transactions per year
• Requirement: annual self-assessment + annual network scan

PCI and Property Management Software

Because so much credit card data flows through your property management system, selecting the right PMS solution provider can go a long way towards your hotel becoming PCI compliant.

A few questions to ask your property management software vendor:

1. Is your PMS provider PCI Certified?
2. Does your PMS vendor offer a program to help you become PCI compliant?

Be proactive and find out how your PMS provider can help you attain the highest level of data security possible for your property and work to reduce the PCI compliance burden for your hotel.

In an upcoming post we’ll look at the risks associated with your property not becoming PCI compliant.

Photo Credit: Purple Slog

Back to Main Blog

This visual was inspired by 7 Deadly Myths and Solutions for PCI Compliance

BACK TO MAIN BLOG