PCI compliance: A 12-step program

PCI compliance: A 12-step program

Visa has levied a July 1 deadline for merchants to conform to the PCI Data Security Standard, a set of


• Create a security culture of data protection, compliance

• To prevent security breaches, know how they occur

• Return to series home page


Virtual Event


Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.


requirements for enhancing payment account data security developed by the PCI Security Standards Council. Other credit card brands have set similar deadlines for compliance.

If a merchant is not deemed compliant and is consequently breached, it will incur a slew of substantial repercussions, including a bill for the forensic investigation, fines, increased processing rates and a loss of consumer confidence.

Click here to read "Create a security culture of data protection, compliance"

“We don’t do this in a vacuum; we do this in conjunction with all the constituents and members of the council, many of which are hotel and motel management companies,” said Bob Russo, GM of the PCI SSC. “We evolve these standards based on their feedback.”

The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI SSC.

1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.


Suggested Articles

Organizations are putting customers’ cardholder data at risk due to a lack of long-term payment security strategy and execution, the report claimed.

Keyscan Aurora 1.0.21 provides a single software solution that powers Keyscan access-control systems, regardless of size or complexity.

The cloud-based Bounte Protect platform minimizes touch and helps boost guest security when recovering lost items.