29 October 2015

PCI Compliance For Hotels: Can Guests Trust You?

There has been a recent increase in security breach scandals involving high-profile companies. These breaches affected millions of customers, exposing credit and debit cards, as well as names, addresses, email addresses, and phone numbers.

But did you know a similar thing is happening at hotels around the country? This article from Krebs on Security about a recent breach at the Trump Hotel Collection caught our eye:

“It appears that there may have been unauthorized malware access to payment card information as it was inputted into the payment card systems. Payment card data (including payment card account number, card expiration date, and security code) of individuals who used a payment card at the Hotel between May 19, 2014, and June 2, 2015, may have been affected.”

As Krebs points out, this is nothing new—in fact, it’s part of an alarming trend in hotels leaking guests’ credit and debit card information.

So, what steps can hotel managers and owners take to keep this reputation-blasting occurrence from happening at their properties?

PCI Compliance

One of the most important things you can do to protect your customers’ sensitive information is to stay compliant with the Payment Card Industry Data Security Standard (PCI DSS).

The PCI DSS forbids companies, including hospitality and lodging businesses, not only from retaining authentication data in any format, but also from storing sensitive data, including card validation codes and values, even if it is encrypted. That means your company may be in breach of PCI standards for hotels if you’re storing non-compliant recorded call data, no matter how small or large your archive is.

Here’s another way of putting it (from PCI Compliance and the Hospitality Industry):

“Review sales and catering electronic systems. Are credit card numbers entered in notes, comments or other such fields? These fields are not encrypted, rendering any credit card data stored in such fields accessible to hackers or employees to pilfer credit card numbers or other personal data. Credit card data must only be entered in the fields designated for such purposes in these systems.”
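The review described in that quote can be automated. The sketch below is an added example, not code from the quoted guide or from Callcap: it scans free-text fields for digit runs that pass the Luhn checksum and reports them with all but the last four digits masked. The row layout and the field names `notes` and `comments` are assumptions taken from the wording of the quote, and the sample rows are constructed.

```python
import re

# Candidate card number: 13-19 digits, optionally split by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text):
    """Return (start, end, digits) for each Luhn-valid candidate in text."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append((m.start(), m.end(), digits))
    return hits

def mask(text):
    """Replace each detected number, keeping only its last four digits."""
    out, pos = [], 0
    for start, end, digits in find_pans(text):
        out += [text[pos:start], "[REDACTED PAN ending %s]" % digits[-4:]]
        pos = end
    return "".join(out) + text[pos:]

def audit(rows, free_text_fields=("notes", "comments")):
    """Return (row id, field, masked value) for every field holding a card number."""
    findings = []
    for row in rows:
        for field in free_text_fields:
            value = row.get(field) or ""
            if find_pans(value):
                findings.append((row["id"], field, mask(value)))
    return findings

# Constructed sample rows; the card numbers are standard test numbers, not real cards.
SAMPLE = [
    {"id": 1, "notes": "Guest prefers high floor", "comments": ""},
    {"id": 2, "notes": "Deposit card 4111 1111 1111 1111 exp 09/17", "comments": None},
    {"id": 3, "notes": "Confirmation 1234567890123456", "comments": "call back"},
    {"id": 4, "notes": "", "comments": "cc: 5500-0000-0000-0004 per phone"},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The Luhn check keeps ordinary 16-digit identifiers such as the confirmation number in row 3 out of the findings, so reviewers see only values that are plausible card numbers.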

So, how can hotels stay PCI compliant?

One key way your hotel can get and stay PCI compliant is with Callcap’s compliance solution, GuestProtect. GuestProtect automatically redacts credit card numbers from recordings, so you are not in violation of PCI standards and your customers’ sensitive information is protected.

“PCI compliance is the minimum requirement for anyone handling credit card information, especially those in the hospitality industry,” Callcap CEO William Steinhoff said. “The penalties of non-compliance are often not discussed, nor widely publicized. More importantly, a breach can be very disruptive for hotels, and it can have long-term negative effects on their reputation.”

To learn more about using GuestProtect for PCI compliance at your hotel, contact one of our business development specialists today.