Friday, 25 July 2014

PCI compliance - prime reasons to ensure you do not get caught out

Did you know that in 2012, 54 per cent of all credit card breaches and fraudulent activity worldwide occurred within the accommodation and food and beverage industry?

Regardless of the penalties any hotel could face from a compliance point of view, this statistic is still worrying and potentially very damaging to any business.
It is for this reason that the banks and acquires such as Visa and MasterCard have made hotels and businesses within the hospitality industry agree to store their card data securely within their terms and conditions of the merchant services agreements. These payment card storage rules are through the Payment Card Industry Data Security Standard (PCI-DSS)

Acquiring Banks (E.g. Streamline, First data merchant services etc.) can be fined by the card schemes if their merchants are not compliant. They are now aggressively chasing and auditing businesses on their PCI compliance and the fines and penalties incurred can, if their targets are not reached, be passed on to the merchants. Non-compliance fees are being implemented via increased transaction percentages and monthly flat charges, variable by acquirer.

Guestline, who are providers of software to the hotel and hospitality industry, have outlined several key reasons for hoteliers to follow and ensure they are compliant and warns of the dangers and implications they face if they find themselves in breach of PCI compliance.

Reason 1 – Any business ‘touching’ credit card data MUST be PCI compliant. The standard, which is set by the acquirers and banks means all business must be PCI Level 1 compliant.

Many hotels self-assess as being compliant with the PCI-DSS without considering the delivery of reservations to them from third parties. If you are using an external supplier to process your credit card information, whether through a channel manager or booking engine, and they are not compliant your business WILL NOT be compliant either.

Guestline are the only total solution provider to the hospitality industry of fully integrated PMS, channel managers and online booking services who ARE PCI Level 1 compliant. It is important to check all your suppliers before it is too late! Ask them today.

Reason 2 – Becoming PCI Level 1 compliant will MAKE you MONEY!

Storing payment card details enables you to charge for lost revenue through cancellation charges and take payment for no show fees. This can represent a significant percentage of revenue for some properties.

Guestline’s PCI Manager software has the ability to provide a complete check on all cards to ensure they are not fraudulent and that they are valid for use. The card data is then securely stored with a Payment Service Provider who are assessed as PCI-DSS Level 1 Service Providers, completely removing the need for the hotel to store card data. This dramatically reduces the cost and complexity of maintaining compliance, as well as reducing the risk to the business from breached card data.

Marstons hotel group installed Guestline’s PCI Manager and were able to generate £147,000 of no show revenue (in nine months) as a result of automated payments. Previously they had not been taking payments as it was too costly to take guarantees.

Reason 3 – Becoming PCI compliant will SAVE you MONEY

Using Guestline’s PCI Manager Software will save money by significantly reducing the liability and opportunity for charge-backs due to fraudulent activity.
Fines imposed for not being compliant will vary depending on the bank or acquirer. Barclaycard, for example, have been known to charge £500 per month for noncompliance, whilst other banks may charge an additional percentage fee on each transaction.

In addition, if a hotel is storing card data and is breached, the following cost will need to be met:
Average cost for investigation, remediation and compensation after a breach is £85 per individual card record breached.
Fines from the card schemes and acquiring banks, which can range up to $250,000.
After a breach, the merchant will be required to have an annual assessment from a Qualified Security Assessor. Daily fees for QSA are generally in excess of £1000 per day, + costs.
There is also a massive risk of damage to reputation and commercial value. The damage this would do to your reputation and potential lost revenue could be catastrophic for a business, regardless of size.

Reason 4 – Potential loss of existing and new business

Hotels are beginning to find during corporate rate negotiations that compliance with PCI-DSS is a pre-requisite for winning the business. Large corporates who have been through stringent assessments of compliance do not want to compromise their own compliance by passing card data on to hotels who are not storing it securely. Therefore non-compliance is resulting in many businesses losing out on extremely valuable contracts.

These reasons all make a good case for maintaining PCI-DSS compliance. Guestline has developed a very simple, efficient and completely compliant solution for hotels and hospitality businesses in order to address all these issues, save money and generate revenue.

The Guestline PCI Manager will provide you with all of the tools you need to achieve compliance with PCI-DSS and provides a secure process for cardholder not-present transactions.

The PCI Manager is a combination of technology and business processes aimed at achieving compliance in a structured, easy to follow format.

Benefits of PCI Manager:
Enables you to take deposits from customers over the phone or via your website in a secure manner
Permits you to apply cancellation charges for no show bookings without the need to store cardholder data
Offers advanced purchase rates and securely captures revenue
A service to help the hotel achieve PCI security
The service includes:
Security scans
Site visits from engineers
An information security policy, tailored to hotel operations
Online training tools for staff in card handling processes
Checklists for initial compliance tasks, along with quarterly and annual checklist for maintaining compliance
Self-Assessment completion guidance and advice

For further information on how you can ensure your business is Level 1 PCI Compliant please contact the Guestline team on 01743 282300


Thanks for sharing.I found a lot of interesting information here. A really good post, very thankful and hopeful that you will write many more posts like this one.
UC browser
MX player

Make sure to use some of the paraphrasing tools from this blog post. I think they could be really helpful

What a resourceful piece of information thank you for sharing. When it becomes hard to manage your resources, you can check this. I am very happy to read your post. I'm also sharing my nice stuff to you guys please go through it and take a review.
iOS App Development|Freelance software developer|App development | software developer

Hey what a brilliant post I have come across and believe me I have been searching out for this similar kind of post for past a week and hardly came across this. Thank you very much and will look for more postings from you.Marble Cleaning Medford MA

I’ve read some good stuff here. Definitely worth bookmarking for revisiting. I surprise how much effort you put to create such a great informative website.
Pressure Washing Colorado Springs

It was wondering if I could use this write-up on my other website, I will link it back to your website though.Great Thanks.New Window Installation Lake Glenview

I am unable to read articles online very often, but I’m glad I did today. This is very well written and your points are well-expressed. Please, don’t ever stop writing.
Re-Keying Sugar Land

It is imperative that we read blog post very carefully. I am already done it and find that this post is really amazing.Sump Pump Installation Rockville

Im no expert, but I believe you just made an excellent point. You certainly fully understand what youre speaking about, and I can truly get behind that. Heater Installation Alexandria

This is a great inspiring article.I am pretty much pleased with your good work.You put really very helpful information...

I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post.

That is something interesting and new to read. I am here to relate it to Virtual reality application that is also something up-to-date thing.

Those were the best essay writing services available currently. Now, nothing is standing between you and cheap school essay aid. You can easily pick something that suits your needs specifically. So, don’t essays master review wait around while deadlines are nearing. Act now and use these essay services!

We don’t just write papers, although we can write papers on the theories behind mathematical and scientific principles. We can also do your calculations for you.

Post a Comment

Explore our blog...