Keeping your guests safe and secure while they’re staying at your hotel is second nature. But protecting customer data may not come so naturally. So here at SiteMinder we’ve put together a handy quick start list for hotels to help you understand what’s required to become PCI compliant.
So what exactly is PCI DSS compliance?
The Payment Card Industry Data Security Standard, or PCI DSS, is a global standard set by the payment card industry to assist with the prevention of payment card fraud.
SiteMinder has taken the extra step and become PCI Certified. This means all our technology products are fully compliant and verified by external auditors.
Overwhelmed by PCI DSS? Here’s how to start
Getting started can sometimes be the hardest part. Developing and implementing good processes may not only protect your hotel from fraudulent activity, but also enhance your guests’ overall experience with your hotel.
Here’s your quick start list – PCI DSS compliance for hotels:
- Name an owner or champion of PCI DSS compliance within your organisation
This person within your hotel can work with the various departments to ensure PCI DSS compliance is understood and act as the ‘go to’ person if staff have questions.
- Be proactive
Teach staff why data security is important and the impact any breach may have. Show them how they can be proactive in managing security every day.
- Protect physical data
Control access to the back office and anywhere receipts are filed. Provide secure disposal bins or a shredder for disposal of sensitive paperwork.
- Proactively manage access to systems
Restrict access to payment or personal data to only staff who require this information to do their job. Use individual logins and access codes to systems.
- Check your vendor’s approach to data security
Clarify the role vendors play in terms of compliance with data-related standards, and seek PCI DSS compliant partners.
- Secure online booking data
While you may need a paper copy of a reservation, do not print customers’ credit card details from your online systems. Select an online booking engine that is fully PCI DSS compliant.