This article discusses the importance of Payment Card Industry (PCI) compliance in the era of Internet hackers and identity thieves. The payment card industry has developed security standards for handling cardholder credit card information in a published standard called the PCI Data Security Standard (DSS). These security requirements apply to all members, merchants, and service providers that store, process or transmit cardholder data.
So what does this mean to the average hospitality business? Banks, credit card processing gateways, software developers and even hospitality businesses must be PCI compliant. In fact, any business that processes credit cards is required to become PCI compliant. There are several levels of compliance depending on the number of credit card transactions a business processes per year. The good news is that it is relatively easy for hospitality businesses to get this type of certification.
How do hospitality businesses become PCI compliant? Here’s a to-do list to get you started:
- Use a validated software program and validated credit card gateway.
- Make sure you process all credit card payments on computers designated for business use only.
- You must maintain a basic firewall installation.
- Do not use default Windows passwords such as “password” to log into any computer.
- You must have anti-virus software installed on all computers and set to always scan.
- If you use a wireless network, you must also ensure that it is secure and encrypted.
In addition to these items, you are required to join a PCI compliance program that allows you to run security scans on your network. As part of this process, you will fill out a questionnaire that assesses your level of compliance before you can officially become PCI compliant.
RezStream products feature the following PCI security measures:
- RezStream requires 7-10 digit “strong passwords” for program access and credit card number access.
- RezStream does not store swiped data from any credit card.
- RezStream uses 256-bit strong encryption of all credit card numbers.
- RezStream uses SSL (Secure Sockets Layer) and strong encryption when transferring credit card numbers from the RezStream Booking Engine.
- RezStream does not store security codes, or transfer security codes, to any RezStream product.
- RezStream does not display full card numbers on invoices, in letters, etc.
- Full credit card numbers cannot be viewed without entering a user name and password.
- RezStream logs all credit card access activity.
Who do I contact to become PCI compliant?
You should contact your merchant account provider regarding PCI compliance. Most merchant account providers have PCI compliance programs and can help you navigate through the process. In addition, when you sign up for RezStream’s credit card processing module, you may also enter into the PCI compliance program through RezStream’s preferred partnership with Payment Processing, Inc. (PPI). The cost is $300 per year and entitles you to 24/7 technical help in becoming PCI compliant. This service also allows access to online scan services, all questionnaires, and any other assistance you need in becoming PCI certified. Call 866-360-8210 for more information.
Conclusion:
All businesses must go through the PCI program, self-test, submit to third-party on-site testing (if required), and apply to be granted a PCI record of compliance. The deadline for all businesses to be PCI compliant is currently July 2010. Larger businesses are scrambling to become PCI compliant; however, smaller companies also have a responsibility to be PCI compliant. It should be noted that it is simply not enough to “do everything that Visa and MasterCard require” to be PCI compliant. You must also get certified. While PCI compliance may not be glamorous, it is critical to obtain, given the hackers and identity thieves out there who would like nothing more than to steal a few thousand of your customers’ credit card numbers, and other private information, for their own personal gain.
If you need more information about PCI compliance, please call RezStream at 866-360-8210.

