PCI compliance: A 12-step program

Visa has set a July 1 deadline for merchants to conform to the PCI Data Security Standard, a set of requirements for enhancing payment account data security developed by the PCI Security Standards Council. Other credit card brands have set similar deadlines for compliance.

If a merchant is not deemed compliant and is consequently breached, it will incur a slew of substantial repercussions, including a bill for the forensic investigation, fines, increased processing rates and a loss of consumer confidence.

“We don’t do this in a vacuum; we do this in conjunction with all the constituents and members of the council, many of which are hotel and motel management companies,” said Bob Russo, GM of the PCI SSC. “We evolve these standards based on their feedback.”

The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI SSC. It comprises 12 requirements:

1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.

