PCI compliance: A 12-step program

Visa has set a July 1 deadline for merchants to conform to the PCI Data Security Standard, a set of requirements for enhancing payment account data security developed by the PCI Security Standards Council. Other credit card brands have set similar deadlines for compliance.

If a merchant is not deemed compliant and is consequently breached, it will incur a slew of substantial repercussions, including a bill for the forensic investigation, fines, increased processing rates and a loss of consumer confidence.

“We don’t do this in a vacuum; we do this in conjunction with all the constituents and members of the council, many of which are hotel and motel management companies,” said Bob Russo, GM of the PCI SSC. “We evolve these standards based on their feedback.”

The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI SSC.

1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.
