Time to review your practices?
No matter what type of business you run, if you accept payments from customers it is vital that you follow PCI compliance guidelines.
The hospitality sector is known for being the biggest target for fraudulent behaviour and security issues. In 2015 many well-known hotel chains openly reported security breaches: Rosen Hotels & Resorts, Hilton Hotels, Hyatt, Starwood and Trump Hotel Collection all reported that they had experienced credit card security problems.
Not only does PCI Compliance offer reassurance to your customers, it also protects your business.
A breach of secure data and how you handle it could have a serious impact on your reputation. In 2016, we must be aware of the importance of data and how to handle it correctly.
Here are some things you should review:
- Encrypt – Cardholder data must be encrypted across any network.
- Access – Only employees with a ‘need to know’ should have login credentials that give access to guests’ payment details.
- Anti-virus – Use and regularly update antivirus software to add layered security to your data.
- Evaluate – Look at how your company accepts payments. Can you reduce the risk to customers and protect your business by changing practices? Review new payment technology by third parties who offer encryption and tokenisation of card data.
- Storage of paperwork – It’s not just the data stored on your computer system that you need to secure. Cardholders’ details on paper are also at high risk of identity theft. All forms and cardholder information need to be kept in lockable storage, with access restricted to ‘need to know’ team members only.
- Review your system – Under no circumstances should credit card details be entered into a part of a system that isn’t designed for that purpose. Entering any of the customer’s credit card information into a notes field of a database is a serious breach of PCI compliance. Review your system and reinforce these rules with team members.
- Passwords – All team members who have access to customers’ card or personal data must have a unique ID/username. Passwords should never be generic, written down, pinned to a PC or shared in any way. Regularly review and change passwords to make them more secure. Ensure each password is unique to the user.
- Allocate a PCI Compliance Officer – Dedicate the monitoring of data and the processes you use to a member of your team. Having someone who diligently keeps an eye out can prove crucial in protecting your business from risk. Hold regular PCI Compliance meetings and keep up to date with changes in regulations.
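The “Review your system” point above can be checked rather than just stated: the script below is an added example, not part of the original article, that scans free-text notes fields for card-number-like digit runs, confirms them with the Luhn check, and reports only a masked value. The sample rows and the column layout are constructed for illustration.

```python
import re

# Constructed sample rows, as a hotel booking system might hold them.
# 4111111111111111 is a well-known test number, not a real card.
SAMPLE_NOTES = [
    (101, "Guest requests late checkout and extra pillows."),
    (102, "Card for incidentals: 4111 1111 1111 1111 exp 12/26"),
    (103, "Loyalty number 1234567890123456, upgrade if possible."),
    (104, "Phone 0161 496 0000, call before arrival."),
]

# Runs of 13-19 digits, optionally separated by spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Show only the last four digits so the report itself does not leak the PAN."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_pans_in_notes(rows):
    """Return (row_id, masked_pan) for every Luhn-valid card-like number in a notes field."""
    findings = []
    for row_id, text in rows:
        for m in CANDIDATE.finditer(text):
            digits = re.sub(r"[ -]", "", m.group())
            # Loyalty numbers and phone numbers fail the length or Luhn test.
            if 13 <= len(digits) <= 19 and luhn_valid(digits):
                findings.append((row_id, mask_pan(digits)))
    return findings


if __name__ == "__main__":
    for row_id, masked in find_pans_in_notes(SAMPLE_NOTES):
        print(f"row {row_id}: possible card number {masked} stored in notes field")
```

Run against an export of your real notes or comments columns, any hit is a record to remove and a process to correct, not data to keep.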