PCI Compliance and E-Commerce
PCI Security Standards Council recently issued guidelines to assist merchants, including those in the hospitality industry, with payment card security in e-commerce environments. PCI-DSS requirements apply to e-commerce environments for both the merchant and any e-commerce payment processors used by the merchant. Hotels, like any merchant, must understand that regardless of the extent of outsourcing to third parties, the hotel/merchant retains responsibility for ensuring that payment card data is protected. The guidelines also provide that (i) the merchant should monitor its systems to ensure that no unexpected changes have occurred and that the integrity of the connection/redirection is maintained; (ii) e-commerce payment applications such as a virtual shopping carts should be validated according to PCI-DSS, and confirmed to be included on PCI SSC’s list of Validated Payment Applications; and (iii) third-party relationships and the PCI-DSS responsibilities of the merchant and each third party should be clearly documented in a contract or service-level agreement hosting/cloud services for merchants.
The Council, in the E-Commerce Guidelines, suggests that all merchants, including those in the hospitality industry, are trained to use systems securely and to follow defined procedures. Such training should include awareness of potential security threats and the appropriate action to take in the event of a suspected breach. Further, merchants, including those in the hospitality industry, should train technical staff to properly manage security including firewalls, digital certificates, and SSL encryption.
To receive the full benefit of the PCI Data Security Standards, hoteliers should implement a PCI compliance program that includes PCI compliance training for their employees. The most effective PCI training for hotels includes custom learning solutions, such as PCI compliance training modules and similar training on best practices for using hospitality technology.
Venza Group: Since 2008, the Venza Group® partners with the hospitality industry as its premier provider of custom learning solutions. Through PEAK™, the Venza Group also offers off-the-shelf courses on compliance and workforce effectiveness … especially crafted for hoteliers.
Link: https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_eCommerce_Guidelines.pdf.