Does our Hotel or Resort need to be PCI Compliant?

Answer two simple questions to determine your PCI (Payment Card Industry) compliance:

  • Does your business accommodate credit card information in any form?
  • Does your business house credit card information on servers, whether leased through third-party providers or fully owned?

If you answered yes to either of these questions, then your business is responsible for complying with PCI DSS (Payment Card Industry Data Security Standard).

PCI DSS applies to every hotel property that processes credit or debit card information. Credit card companies have the ability to levy stiff fines and remove a property’s ability to process credit card transactions until they meet PCI compliance guidelines.

PCI Standards High Points as defined by the PCI Security Standards Council

The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy

  12. Maintain a policy that addresses information security

Suggested Links
https://www.pcisecuritystandards.org/
http://www.forrester.com/rb/
