Friday, 25 July 2014

PCI compliance - prime reasons to ensure you do not get caught out


Did you know that in 2012, 54 per cent of all credit card breaches and fraudulent activity worldwide occurred within the accommodation and food and beverage industry?


Regardless of the penalties any hotel could face from a compliance point of view, this statistic is still worrying and potentially very damaging to any business.
It is for this reason that the banks and acquirers, together with the card schemes such as Visa and MasterCard, require hotels and other businesses within the hospitality industry to store card data securely as a condition of their merchant services agreements. These card data storage rules are set out in the Payment Card Industry Data Security Standard (PCI-DSS).

Acquiring banks (e.g. Streamline, First Data Merchant Services) can be fined by the card schemes if their merchants are not compliant. They are now aggressively chasing and auditing businesses on their PCI compliance, and if their targets are not reached the fines and penalties incurred can be passed on to the merchants. Non-compliance fees are being implemented via increased transaction percentages and monthly flat charges, which vary by acquirer.

Guestline, a provider of software to the hotel and hospitality industry, has outlined several key reasons for hoteliers to ensure they are compliant, and warns of the dangers and implications they face if they are found to be in breach of PCI compliance.

Reason 1 – Any business ‘touching’ credit card data MUST be PCI compliant. The standard, which is set by the acquirers and banks, means all businesses must be PCI Level 1 compliant.

Many hotels self-assess as being compliant with the PCI-DSS without considering how reservations are delivered to them by third parties. If you are using an external supplier to process your credit card information, whether through a channel manager or booking engine, and they are not compliant, your business WILL NOT be compliant either.

Guestline are the only total solution provider to the hospitality industry of fully integrated PMS, channel managers and online booking services who ARE PCI Level 1 compliant. It is important to check all your suppliers before it is too late! Ask them today.

Reason 2 – Becoming PCI Level 1 compliant will MAKE you MONEY!

Storing payment card details enables you to charge for lost revenue through cancellation charges and take payment for no show fees. This can represent a significant percentage of revenue for some properties.

Guestline’s PCI Manager software can run a complete check on all cards to ensure they are not fraudulent and that they are valid for use. The card data is then securely stored with a Payment Service Provider that is assessed as a PCI-DSS Level 1 Service Provider, completely removing the need for the hotel to store card data itself. This dramatically reduces the cost and complexity of maintaining compliance, as well as reducing the risk to the business from breached card data.

Marstons hotel group installed Guestline’s PCI Manager and were able to generate £147,000 of no show revenue (in nine months) as a result of automated payments. Previously they had not been taking payments as it was too costly to take guarantees.

Reason 3 – Becoming PCI compliant will SAVE you MONEY

Using Guestline’s PCI Manager Software will save money by significantly reducing the liability and opportunity for charge-backs due to fraudulent activity.
Fines imposed for not being compliant will vary depending on the bank or acquirer. Barclaycard, for example, has been known to charge £500 per month for non-compliance, whilst other banks may charge an additional percentage fee on each transaction.

In addition, if a hotel is storing card data and is breached, the following costs will need to be met:
The average cost of investigation, remediation and compensation after a breach is £85 per individual card record breached.
Fines from the card schemes and acquiring banks, which can range up to $250,000.
After a breach, the merchant will be required to have an annual assessment from a Qualified Security Assessor (QSA). Daily fees for a QSA are generally in excess of £1000, plus costs.
There is also a massive risk of damage to reputation and commercial value; the resulting loss of reputation and revenue could be catastrophic for a business, regardless of size.

Reason 4 – Potential loss of existing and new business

Hotels are beginning to find during corporate rate negotiations that compliance with PCI-DSS is a prerequisite for winning the business. Large corporates that have been through stringent compliance assessments do not want to compromise their own compliance by passing card data on to hotels that are not storing it securely. Non-compliance is therefore resulting in many businesses losing out on extremely valuable contracts.

These reasons all make a good case for maintaining PCI-DSS compliance. Guestline has developed a very simple, efficient and completely compliant solution for hotels and hospitality businesses in order to address all these issues, save money and generate revenue.

The Guestline PCI Manager will provide you with all of the tools you need to achieve compliance with PCI-DSS and provides a secure process for cardholder-not-present transactions.

The PCI Manager is a combination of technology and business processes aimed at achieving compliance in a structured, easy to follow format.


Benefits of PCI Manager:
Enables you to take deposits from customers over the phone or via your website in a secure manner
Permits you to apply cancellation charges for no show bookings without the need to store cardholder data
Offers advanced purchase rates and securely captures revenue
A service to help the hotel achieve PCI security
The service includes:
Security scans
Site visits from engineers
An information security policy, tailored to hotel operations
Online training tools for staff in card handling processes
Checklists for initial compliance tasks, along with quarterly and annual checklists for maintaining compliance
Self-Assessment completion guidance and advice

For further information on how you can ensure your business is PCI Level 1 compliant, please contact the Guestline team on 01743 282300.
