5 key points to watch for in PCI 3.0

Hotel Management had a chance to sit in on a session on the recently released 3.0 update to the PCI security standard, and we’ve rounded a list to keep top-of-mind when charting a security course.

The panel included Sean Mathena, managing consultant, Trustwave; Jeffrey Stephen Parker, VP technology, Stout Street Hospitality; and Wayne Lee, managing principal, Verizon Risk Team.

1. Compliance as Business As Usual: Overall, the new update puts a broader emphasis on PCI compliance as a yearlong process, instead of only around assessment time.  

Virtual Event


Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.

2. Risk Assessment Clarification: In keeping with #1, the language surrounding risk assessments has been clarified to call out that assessments should be performed at least once per year, after any new event that could introduce a significant new risk into the environment.

3. E-Commerce Redirect: If a website redirects a customer to a gateway or other service, such as PayPal, that service is now in scope.

4. Service Provider Agreements: Service providers must use unique credentials for what they are doing for the hotel, and new service provider agreements must articulate what that provider is responsible for (effective July 1, 2015).

5. POS Devices: Hotels must now take steps, including personnel training, to prevent their POS devices from physical tampering. Hotels must also maintain a list of devices and conduct periodic inspections (effective July 1, 2015).

Suggested Articles

The agreement will extend Agilysys customers’ access to contactless global omnichannel payments.

The project encompassed a real-time, two-way integration between Infor HMS and Glowing’s Digital Engagement Cloud at Mandarin Oriental hotels.

CIRQ+CLEAN is a touchless sterilization system that dispenses cleaning fluid through an in-room Internet-of-Things robot.