
PCI compliance – prime reasons to ensure you do not get caught out!

Did you know that in 2012, 54 per cent of all credit card breaches and fraudulent activity worldwide occurred within the accommodation and food and beverage industry?*

Regardless of the penalties any hotel could face from a compliance point of view, this statistic is still worrying and potentially very damaging to any business.

It is for this reason that the banks and acquirers such as Visa and MasterCard have made hotels and businesses within the hospitality industry agree, within the terms and conditions of their merchant services agreements, to store their card data securely. These payment card storage rules are set out in the Payment Card Industry Data Security Standard (PCI-DSS).

Acquiring banks (e.g. Streamline, First Data Merchant Services) can be fined by the card schemes if their merchants are not compliant. They are now aggressively chasing and auditing businesses on their PCI compliance, and the fines and penalties incurred can, if their targets are not reached, be passed on to the merchants. Non-compliance fees are being implemented via increased transaction percentages and monthly flat charges, which vary by acquirer.

Some suppliers and service providers have been stating they are PCI compliant but have not provided evidence of this. To avoid confusion for merchants using third-party companies to handle card transactions, Visa Europe has instigated the Merchant Agent initiative, under which companies that have proven their compliance are listed in an online registry.

Hotels are advised to check their suppliers; the listing can be found here: https://www.visamerchantagentslist.com/

Guestline, a provider of software to the hotel and hospitality industry, has outlined several key reasons for hoteliers to ensure they are compliant, and warns of the dangers and implications they face if they find themselves in breach of PCI compliance.

Reason 1 – Any business 'touching' credit card data MUST be PCI compliant

The standard, which is set by the acquirers and banks, means all businesses must be PCI compliant.

Many hotels self-assess as being compliant with the PCI-DSS without considering the delivery of reservations to them from third parties. If you are using an external supplier to process your credit card information, whether through a channel manager or booking engine, and they are not compliant, your business WILL NOT be compliant either.

Guestline are the only total solution provider to the hospitality industry who ARE PCI Level 1 compliant. It is important to check all your suppliers before it is too late! Ask them today.

Reason 2 – Becoming PCI compliant will MAKE you MONEY!

Storing payment card details enables you to charge for lost revenue through cancellation charges and take payment for no show fees. This can represent a significant percentage of revenue for some properties.

Guestline's PCI Manager software has the ability to provide a complete check on all cards to ensure they are not fraudulent and that they are valid for use. The card data is then securely stored with a Payment Service Provider that is assessed as a PCI-DSS Level 1 Service Provider, completely removing the need for the hotel to store card data. This dramatically reduces the cost and complexity of maintaining compliance, as well as reducing the risk to the business from breached card data.

Marstons hotel group installed Guestline's PCI Manager and were able to generate £147,000 of no show revenue (in nine months) as a result of automated payments. Previously they had not been taking payments as it was too costly to take guarantees.

Reason 3 – Becoming PCI compliant will SAVE you MONEY

Using Guestline's PCI Manager Software will save money by significantly reducing the liability and opportunity for charge-backs due to fraudulent activity.

Fines imposed for not being compliant will vary depending on the bank or acquirer. Barclaycard, for example, have been known to charge £500 per month for noncompliance, whilst other banks may charge an additional percentage fee on each transaction.

In addition, if a hotel is storing card data and is breached, the following costs will need to be met:

  • Average cost for investigation, remediation and compensation after a breach is £85 per individual card record breached.
  • Fines from the card schemes and acquiring banks, which can range up to £250,000.
  • After a breach, the merchant will be required to have an annual assessment from a Qualified Security Assessor (QSA). Fees for a QSA are generally in excess of £1000 per day, plus costs.
  • There is also a massive risk of damage to reputation and commercial value. The damage this would do to your reputation and potential lost revenue could be catastrophic for a business, regardless of size.

Reason 4 – Potential loss of existing and new business

Hotels are beginning to find during corporate rate negotiations that compliance with PCI-DSS is a pre-requisite for winning the business. Large corporates who have been through stringent assessments of compliance do not want to compromise their own compliance by passing card data on to hotels who are not storing it securely. Therefore non-compliance is resulting in many businesses losing out on extremely valuable contracts.

These reasons all make a good case for maintaining PCI-DSS compliance. Guestline has developed a very simple, efficient and completely compliant solution for hotels and hospitality businesses in order to address all these issues, save money and generate revenue.

The Guestline PCI Manager will provide you with all of the tools you need to achieve compliance with PCI-DSS and provides a secure process for cardholder not-present transactions.

The PCI Manager is a combination of technology and business processes aimed at achieving compliance in a structured, easy to follow format.

Benefits of PCI Manager:

  • Enables you to take deposits from customers over the phone or via your website in a secure manner
  • Permits you to apply cancellation charges for no show bookings without the need to store cardholder data
  • Offers advanced purchase rates and securely captures revenue
  • A service to help the hotel achieve PCI security

The service includes:

  • Security scans
  • Site visits from engineers
  • An information security policy, tailored to hotel operations
  • Online training tools for staff in card handling processes
  • Checklists for initial compliance tasks, along with quarterly and annual checklists for maintaining compliance
  • Self-Assessment completion guidance and advice

For further information on how you can ensure your business is PCI Compliant please contact the Guestline team on

*Source: Verizon Data Breach Investigations Report 2012

About Guestline

Guestline (an Access Company) provides the hospitality industry with innovative property management, guest engagement, payment and distribution software.

Founded on cloud technology, Guestline's solutions can equip independent hotels with everything they need to successfully run the business and generate more revenue - from intuitive PMS and booking software to fully unified channel management and payment solutions, ideal for any sized hotel or group.

Guestline provides thousands of hoteliers with the most feature-rich, best-in-breed and award-winning technology platform that includes PMS, CRS, Conference & Banqueting, Channel Manager, EPoS, Internet Booking Engine, GuestPay Payments and GuestStay Guest Experience solutions. With over 500 third-party integrations, Guestline can offer its clients a flexible, cost-effective, multi-functional system that allows them to stand out in an increasingly competitive marketplace.

Discover more at guestline.com

Melissa Dickinson
Marketing Manager
01743 282300
Guestline
