It seems the buzzword these days is PCI compliance. But when does an innkeeper have the time to learn the complicated (and often confusing) process of becoming PCI compliant? Well, here at Suite Exchange we think you’ve got better things to do – so instead, we’ve done the homework for you. This is the first part of a multi-part article giving an overview of what PCI compliance is, why you would want to be PCI compliant, and how you’d go about accomplishing that. It’s worth saying that this topic can be extremely complex. These articles can be good guides to get you started – but because requirements differ depending on your specific business, you need to make sure you research the requirements for your specific Bed and Breakfast or Inn.
A HISTORY LESSON
So let’s start with a bit of history. Once upon a time in the U.S. West (when the west was still pushing westward) there were a lot of people robbing banks. The reason people robbed banks was, according to prolific U.S. bank robber Willie Sutton, “That’s where the money is.”
The reasons have not changed, but the “where” is different today than it was in the Old West. Instead of sitting in neat stacks in a bank vault, today our money is generally found as electronic signals of 1’s and 0’s. And like the early twentieth-century bank robbers, today’s hackers lie in wait for the perfect opportunity to take those 1’s and 0’s away from you – and your clients.
Enter Visa, MasterCard, Discover, American Express and JCB. At one time each had its own program designed to protect card issuers by making sure merchants met minimum levels of security when they stored, processed or transmitted cardholder data. On December 15, 2004 these five companies came together to create the Payment Card Industry Security Standards Council. Together they aligned their individual policies and released the Payment Card Industry (PCI) Data Security Standard (DSS).
SO WHAT DOES THIS MEAN FOR ME?
So what does all this mean for you and me? To begin, if you take any payment card transactions (credit or debit) you are required to be in compliance with the PCI DSS. It’s important to note that the Security Standards Council is self-regulated and has no legal authority. In addition, each of the various card companies applies the Data Security Standard in its own way, but ultimately, if your business wishes to do card transactions, you will be required to adhere to the standard. Failure to meet the minimum standard can be costly if a security breach occurs. Some of the consequences could include: