The benefits, risks, and solutions to PCI compliance
Payment data security is a hot topic, with huge fines for companies that breach trust and new regulations regularly rolled out. Your Property Management System (PMS) may not get multimillion-dollar fines like Equifax for a breach of millions of cardholders’ data, yet Payment Card Industry (PCI) Compliance is still vital to your business.
Why should PCI Compliance be on your radar? We’re going to cover the basics of PCI Compliance, walking you through:
- What PCI Compliance is
- The benefits of being PCI Compliant
- Risks associated with being non-PCI Compliant
- How you can negate concerns about PCI Compliance
With this guide, you can be confident that your PMS fully meets industry and customer expectations.
What is PCI Compliance?
PCI Compliance, or Payment Card Industry Compliance, is a ream of documentation covering over 1,800 pages of regulations.
The full name is Payment Card Industry Data Security Standard (PCI DSS) and it was launched in 2007. It boils down to the responsibility of every business in the card payment processing chain to process, transmit, and store card details securely.
The PCI DSS is administered and managed by the PCI Security Standards Council, which was created by:
- American Express
Compliance with the regulations falls to the payment brands and card acquirers — the banks that process payments through to merchant accounts.
Why does my PMS need to be PCI Compliant?
PCI Compliance can feel challenging and can become costly. Having a person or even a team dedicated to knowing the rules and keeping on the right side of them can eat into your internal resources.
Being PCI Compliant means that you’ll:
- Have more credibility with the hotels you work with, and their guests
- Protect your customers’ credit card data when a booking is created
- Earn a better reputation with card acquirers and other payment partners
- Develop solid infrastructure around data security and online safety
What are the Risks of Not Being PCI Compliant?
Calculating the risk of falling foul of PCI Compliance is vital to seeing the value of adhering to what can feel like cumbersome processes.
Not being PCI Compliant can lead to:
- Fewer hotel customers, since you lose their trust and they seek competitors they can pay with confidence
- Legal cases filed against you by former customers, banks and card acquirers, and even the government — with potentially huge financial costs
- An audit by the PCI Security Standards Council, your bank or card acquirer, and the government to understand your security issues
- Public relations disasters when customers associate your name with a hack or data breach rather than the software and tools you offer hotels
All of these are definitely worth avoiding for both your PMS and the accommodations you serve.
If your PMS already handles payments, you’ll know the costs associated with remaining compliant. Many PMSs pay over $30k to get certified and have ongoing costs of $20k per year.
Can I outsource PCI Compliance?
Payments will be one of many elements of your offering to hotels and you take on a substantial risk by processing them internally. Choosing a payment provider with a PCI Travel Vault is a cost-effective and secure way to outsource your PCI Compliance.
Working with a global payments and compliance solution like Kovena means you can take full advantage of their infrastructure, which tokenizes sensitive customer information through a secure PCI Travel Vault.
With a PCI Travel Vault provided by Kovena, both your PMS and the hotels you work with are no longer responsible for keeping payment information secure. What’s more, hotel guests need never know that you’re using a third-party solution; systems like Kovena offer a fully white-labeled solution, making the guest journey seamless.
Is PCI Compliance a cost or concern for you? Contact Kovena to learn how you can outsource your compliance issues.