Introducing PCI DSS, a highly secure standard

The PCI (Payment Card Industry) is an organization responsible for the development, management, education and awareness of security standards for banking data.
This organization is represented by 5 international payment brands: American Express, Discover Financial Services, JCB international, MasterCard and Visa Inc.
PCI’s aim is to offer ever more secure solutions and protect merchants and users from potential credit card fraud.
The PCI DSS (Data Security Standard) was introduced to improve the security of payment card data.
This standard aims to offer more reliable cards, with rapid response in the event of security incidents.
For a company to be PCI DSS certified, it must comply with compliance guidelines and be able to present the actions it has taken in terms of security.
In return, of course, the company benefits from a strong image of reliability and security, which is sure to reassure and instill confidence in its users and customers.

Although this standard is a security measure to be taken into consideration in all establishments that handle banking information, it is particularly well suited to the hotel world for a number of reasons:

• The hotel industry, unlike other sectors, sometimes needs to store data (in the case of reservations, for example), so it’s essential to know how to manage this data.
• Although not yet compulsory, this standard is tending to develop and become a benchmark.
• A hotel that implements this kind of solution undoubtedly benefits from an image of reliability.
• PCI DSS is an undeniable guarantee that will reassure customers who are attentive to these issues.
• A company in the hotel sector that takes the necessary steps for PCI DSS certification will have a head start over its industry counterparts.
• As a guarantee of quality, PCI DSS also makes it possible to standardize processes within a group, for example
• And that’s not counting the reduced risks associated with greater protection of credit card data: since the hotel industry handles a great deal of data, it can also be a target for theft and malicious use.
  If a hotel fails to take steps to protect its data, it could be subject to a substantial fine, or even be obliged to implement this standard, at the risk of not being allowed to accept credit card payments on its premises.

If this certification is the subject of reflection in companies, it’s because it requires real IT organization work upstream.
In particular, it is important to identify the various people who may come into contact with credit card information (reception, reservations, etc.) and the way in which this information will be managed (destruction, transfer, etc.).
This standard therefore requires everyone to take responsibility for this data, and to set up clearly defined roles within the organization.