PCI Standard: Protect Credit Card Information
There are various techniques for preventing web crime. One is to set rules on how companies may store information. The PCI Security Standards Council is a global body that puts forth security standards for account data protection. The Payment Card Industry Data Security Standard (PCI DSS) was produced in 2004 and has been regularly updated since. It has 12 key points that any company that stores, processes or transmits credit card information must follow. In the coming months, PCI plan to make changes to the PCI Data Security Standard in response to new breaches and threats to security, which will make for essential reading for your holiday rental company.
How to Protect Credit Card Information
There are only 12 points in the Data Security Standard; however, each point opens multiple layers of investigation, work and, sometimes, cost. The points can be found in the Quick Reference Guide on the PCI Website Library. The process of becoming PCI compliant is neither simple nor short, and yet any company that receives money through credit cards may have to go through the PCI process and should complete a self-assessment questionnaire found on the PCI website.
What does a property management company have to do?
There is no simple answer. A company must undertake a rigorous review in order to identify its processes, resolve issues, report, and then repeat this process regularly. Fortunately, there are a variety of technical solutions which can reduce the strain.
Some aspects are easier to identify and change, such as “Do not use vendor-supplied defaults for system passwords…”. Jeremy King, international director of the PCI Security Standards Council, recently reported that “The most popular password is still 123456.” Passwords require thought and regular planning to be more effective, but this can be done internally.
Some aspects are more complex, such as “Protect stored cardholder data”. This covers who has permission to access data, all aspects of hardware and access, data retention and deletion processes, encryption, and storage regulations.
Is there external help?
There is no fix-all solution, and your company may need to involve a number of different companies, in addition to using your own internal resources, in order to become, and stay, PCI compliant.
In the hospitality industry, some major portals are leading the way by making mandatory rules for vacation rental software providers which ensure that information is transmitted and stored in a PCI compliant way. Avantio are proud to launch our new product, the PCI Wallet, to protect our clients. Please contact us if you have any questions.
Some password managers provide unique passwords for secure access to your software. Other technical companies provide security analysis to find, remove and prevent malware on your rental property websites, add firewalls and find weaknesses in the software.
Once the process has been completed, however, your customers and your company are protected, with some great benefits, including:
- the responsibility of information storage is no longer a burden
- the risk of credit card data being hacked from the agency’s data storage and resold, leaked or used as leverage is reduced
- the risk of fines, embarrassment or prosecution for data theft or not being compliant is diminished
- your customers’ credit card information is safe.
For more on PCI standards, check their website and the library full of up-to-date information.