PCI compliance: A best defense against hackers
-
The Payment Card Industry Data Security Standard, or PCI DSS, is a set of comprehensive requirements for enhancing payment account data security.
-
Every hotel that stores, transmits or processes credit card data must be compliant with PCI DSS, which comprises 12 specific requirements outlined in six specific goals.
-
Compliance becomes mandatory 1 July 2010, he said.
-
(This is part 3 of a 7-part series about hotel IT security.) This article discusses the Payment Card Industry Data Security Standard, or PCI DSS, which is "a set of comprehensive requirements for enhancing payment account data security... which fosters a consistent and uniform set of standards among the five major credit brands (Visa, MasterCard, American Express, Discover, and JCB)." It lists the 12 requirements and six goals that are mandatory for hotels as of July 2010, which include building and maintaining a secure network; protecting cardholder data; having a vulnerability management program; implementing access control measures; and regularly monitoring and testing networks. As a consumer and as a hospitality professional, it is good to know that a data security standard has been developed, and that hotels (and other merchants) are required to implement and develop compliance programs at every property. Also discussed are six goals for making data security decisions, such as "If you don't need it, don't store it." Upon reading these, it is refreshing to see such common-sense advice and no pretentiousness in the documentation guidelines. The article finishes by stating that data security should not be bothersome or inconvenient, and that data security is essential in light of the liability consequences a hotel would face should a guest's payment and identification data be compromised.
-
This article talks about the PCI DSS, which has been a mandatory standard since 2010. Every credit card processed by a hotel has to be compliant with PCI DSS, or the hotel will be fined up to USD $500,000. The PCI DSS has six specific goals with 12 specific requirements. Those are: build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.