Last year, the hospitality industry became the most targeted industry for data breaches according to a Global Security Report by Trustwave. Here's a top five list of what every hotel, restaurant and resort operator needs to know (and do) about PCI compliance in 2010:

1. If you aren't well versed in it already, get familiar with the PCI DSS. The Payment Card Industry Data Security Standard, or PCI DSS for short, is a set of requirements that all businesses - regardless of size - must adhere to in order to accept payment cards. Their purpose is to ensure the security of cardholder data and to help prevent credit card fraud, hacking, and other security issues. The standard is enforced by the major credit card companies that make up the Payment Card Industry Security Council - American Express, Discover, JCB, MasterCard and Visa.

   Merchants fall under four categories of PCI DSS compliance, depending on the number of transactions they process each year, and whether those transactions are performed from a brick and mortar location or over the Internet.

   PCI compliance for merchants can get a bit tricky: each payment card brand (Visa, MasterCard, etc.) has its own requirements for PCI compliance. You need to know the different PCI compliance deadlines and requirements for each payment card brand.

2. If you're an independent hotel, restaurant or resort, the onus really is on you to become PCI DSS compliant and verify your compliance with each payment card brand. If you are part of a franchise, reach out to your franchisor to see if they have implemented any kind of PCI compliance program for their franchisees or if they are offering any advice.

3. Research partnerships to ease the burden of PCI compliance. Earlier this year ReServe Interactive, a leader in hospitality management software solutions, selected Element as its PCI DSS compliant solutions partner for its suite of catering, event management, dining reservations and table management software products. Look for partners with technology like tokenization and end-to-end encryption, which will likely reduce your scope of PCI compliance.

4. As of July 1, 2010, all merchants (that's you!) must be using payment application software that has been validated as Payment Application Data Security Standard (PA-DSS) compliant. A listing of certified payment applications can be found on the PCI SSC website.

   But don't just stop there if you see your software provider listed there - be sure to check that you have upgraded to the PA-DSS compliant version of the application. If your software provider is not on the list, also check with them to see if they have gone out of scope for PA-DSS compliance through a hosted PA-DSS solution like Hosted Payments.

   If you aren't using a PA-DSS validated application now that July 1 has passed, you risk losing the ability to process credit and debit card transactions - an absolute must for any business in the hospitality industry.

5. In the coming months, be on the lookout for new iterations of both the PCI DSS and PA-DSS. They are due out in October, after the annual PCI compliance community meetings in the US and Europe. The PCI standards follow a defined 24-month lifecycle, ensuring a gradual, phased use of new versions of the standard without invalidating current implementations of the standards or putting any organization out of compliance the moment changes are published.