Are you a hospitality business? Do you take online bookings? Take contactless payments? Accept popular credit cards such as American Express, Visa, and Mastercard? Listen up! This article is for you…
What is PCI compliance?
The Payment Card Industry Data Security Standard is a security standard put in place for businesses that take payments and information from a range of large card companies. In simple terms, PCI compliance is a security standard that is put in place to keep your customer’s and client’s card information safe and secure.
What are the consequences of not being PCI compliant?
The consequences of not being PCI compliant can have a real impact on your business.
Most people don’t realise it but card merchants charge a monthly fee for businesses that don’t have PCI compliance in place. These fees can be easily avoided.
The whole point of PCI compliance is to keep your customer’s card details safe and secure, so what happens if their data is breached? Although PCI compliance is technically not law, it can still result in fines and penalties for businesses that run into trouble.
Businesses who breach PCI compliance can be fined anything between £4,000 to £80,000 by card payment providers. As card details fall under General Data Protection Regulation (GDPR), you could receive additional fines of up to £18m or 4% of your annual company turnover (whichever is higher).
The hospitality industry has struggled enough throughout the Covid-19 pandemic, so fines like this could have serious implications for your business.
How do I know if my business is required to be PCI compliant?
Hospitality businesses meet all the criteria for needing to be PCI compliant. Taking contactless payments, taking bookings online, taking people’s card details to secure the booking, and taking upfront payments either online or over the phone.
All these methods have become increasingly popular, it’s more than likely your business provides at least one of them. So therefore PCI compliance should be on your to-do list, it’s quick and simple and more importantly not expensive.
More important now than ever before…?
With lots of large restaurant groups in the UK taking either deposit or card payments in order to secure a booking, smaller and more independent businesses are following suit, and post lockdown it is more important than ever that hospitality businesses minimise the amount of no shows, and this is where these procedures come into play.
There is no doubt these methods help to reduce no-shows, encourage people to turn up to their bookings, and overall helps to keep your business booked and busy, but if you are not PCI compliant you could be at risk of losing much more.
More and more businesses are trying to secure their booking. Customers have no issue paying for theatre tickets upfront, and dining experiences are heading in a similar direction. So if these methods are something your hospitality business will be adopting post-pandemic, PCI compliance isn’t a step to skip.
How do I become PCI compliant?
There are 6 key steps you need to take to meet the standard and be PCI compliant:
- Build and maintain a secure network (if you have any concerns about your network security, click here to book a free network security test with Astaris)
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test network security
- Maintain an information security policy
All of these steps are slightly more difficult than they may appear at first glance, so having professionals step in to help will not only ensure you are following guidelines but make it a much easier process.
Specialist hospitality IT support companies understand how your hospitality business operates and can help you put the correct procedures in place. To find out more about how Astaris can help, visit our PCI compliance page.
So don’t wait, get in contact today and see how you can become PCI compliant.