If your business takes credit card payments, the requirement to be PCI compliant applies to you.
There is a great deal of confusion around what is required to become PCI compliant; however, the list of requirements is actually quite straightforward.
Many businesses we speak to are confident that they meet all of the requirements. In reality this is rarely the case.
The simple test is this: if you think you are PCI compliant, you are almost certainly not. Why? Because if you had achieved full PCI compliance, you would certainly know about it, since it involves a formal self-assessment or audit and an attestation, not just a feeling.
Do you record your front desk phone calls, so that the card details guests read out (including the security code) end up on the recordings?
Do you take booking details, card numbers included, by fax? (Believe it or not, some hotels we've spoken to do.)
Are your staff never forced to change their passwords?
If the answer to any of these is yes, you aren't PCI compliant, even though you think you are.
The twelve PCI DSS requirements are:
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Protect all systems against malware and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security for all personnel.