In this article we discuss in depth why cafes, restaurants, bars, hotels and other companies that provide catering services need PCI DSS standard certification.
This market sector is called HoReCa. It covers all kinds of hospitality services: catering and the hotel industry.
Our specialists are confident that the information outlined below is important for everyone who already has a business in the HoReCa field or is just about to enter this market.
Modern people pay for their morning coffee, business lunch or hotel room with a bank card. It's very fast and convenient.
An average person pays by card from two to ten times a day. Many people are so accustomed to using the card that they don't even think about the safety of their funds. People trust and strongly believe that it's safe. We, the users, have confidence and a sense of security, which is why we use payment cards so often.
We owe this confidence to VISA, MasterCard and other payment systems. They are concerned about the security of cardholder funds and keep a tight rein on all of the e-payment market participants.
To ensure the safety of their clients' money, VISA, MasterCard and other payment systems have developed the PCI DSS security standard.
The PCI DSS standard (Payment Card Industry Data Security Standard) is a set of requirements for ensuring the security of cardholder data that are stored, transmitted and processed in the information infrastructures of organizations.
The primary objectives of the PCI DSS standard are to ensure network infrastructure security and to protect cardholder data, as these are the weakest spots, where a compromise directly threatens loss of confidentiality and money.
But what does the PCI DSS standard have to do with restaurants, hotels and other representatives of the HoReCa business segment?
Each and every company that accepts cards as a form of payment must comply with the PCI DSS standard. Even if it conducts only one transaction per year, it is required to undergo the certification.
All participants in the HoReCa business segment actively accept card payments for their services and products. After all, it's very convenient for the customers. For example, you can use a payment card to book a hotel room without leaving your home or office, to pay for lunch at a restaurant, or to order dinner online.
There is only one conclusion: cafes, restaurants, hotels and other participants of the HoReCa business segment, who strive to satisfy their customers, must complete the certification and meet all the PCI DSS standard requirements.
Many business owners look for loopholes and resort to tricks to avoid undergoing PCI DSS standard certification.
As a result, we occasionally hear news about cardholder data leaks. Restaurant or hotel staff collect card data while serving customers and sell it to hackers. After a while, the hackers use this data to steal money.
This reduces people's confidence in payment cards and has a very negative impact on business development.
The PCI DSS standard requires constant monitoring of POS terminals. All staff members must follow the guidelines closely, must be able to detect POS terminal substitution and must not leave the terminals unattended.
POS terminals can be susceptible to virus attacks.
But if the company has undergone certification and meets all the PCI DSS requirements, it means that appropriate antivirus and card data leak protection mechanisms are implemented.
The PCI DSS standard also requires food ordering and online hotel booking websites to be securely designed and protected from hacking and data spoofing.
The PCI DSS standard requirements apply not only to large restaurants and hotels. Whether you run a tiny, original two-table coffee house or bake pies and cakes and sell them online, if you accept card payments from customers, you definitely need PCI DSS standard certification.
The same goes for small hotel owners. If you own a four-room family hotel, you also need to undergo PCI DSS standard certification.
It's worth noting that this certification is especially important for small hotels and restaurants, as it's more difficult for them to recover after a serious hacking attack or fraud. Loss of customer trust can have a disastrous impact on the whole business.
We provide fast certification for both small and large businesses that work in the HoReCa field. Certification takes from 2 weeks and, in most cases, is carried out remotely. All communication with our auditors is conducted through a secure portal.