The acronym PCI stands for Payment Card Industry, or more accurately PCI DSS where the latter term means ‘Data Security Standard’). The term ‘PCI Compliance’ is typically used as shorthand for the latest protocols taken by this industry to safeguard their customers’ accounts and prevent fraud.
Nowadays, PCI Compliance implies cybersecurity. With COVID-19 forcing properties to implement contactless technologies, this means fewer in-person (or card-present) transactions and plenty more virtual (or card-not-present) ones.
Each new platform or device a hotel adds can potentially introduce a new point of vulnerability for a cyberattack. Without secure systems in place to protect guest’s credit card information, hotels are adding a huge amount of risk.
All it takes is one breach and a hotel can suffer a tremendous amount of financial damage. There are the short-term effects of class action lawsuits and refunds, but also the reputational harm that can dissuade future customers from booking for years to come.
Another aspect to consider is chargebacks, where guests can dispute charges on their cards. More often than not, credit card processors side with the customer and not the merchant. Due to the inherent security and verification features built into PCI-compliant technologies, the chances of a dispute costing a hotel money is reduced.
Looking at all the factors involved, you simply can’t risk leaving any cracks in your tech stack unsealed. Bolstering your company’s cybersecurity starts with a thorough analysis of all your software and hardware – and not just each merchant terminal – to ensure they are all PCI compliant.
From there, opt for contactless payment solutions that can package and encrypt (that is, tokenize) your guests’ credit card data when it is being sent to the processor or the PMS. As well, these technologies should also help to remove any points in the chain where team members or third parties can see this information to further boost PCI compliance.
This is an ongoing process and one that needs to be discussed with each new piece that’s added to the tech stack. Still, it’s a core matter of protecting your guests and your brand from harm.