Why is PCI DSS Compliance so important?
Little Hotelier takes our customers’ data – and their guests’ data – very seriously. We are 100% PCI DSS compliant across all components of our all-in-one package.
Essentially, this means that your business is securely protected from data breaches that would compromise your business’ sensitive data.
What is PCI DSS Compliance?
The PCI Compliance Guide defines PCI DSS (Payment Card Industry Data Security Standard) as “a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment”.
PCI DSS has changed the way the travel industry approaches safety standards relating to how credit card payments are handled and processed. The Standard is enforced by major credit card companies – including Visa, MasterCard, American Express, Discover and JCB – as part of their merchant agreements.
The Standard, designed to help prevent payment card fraud, applies to any business involved in the processing, storing or transmitting of cardholder data, regardless of the transaction volume or dollar value involved. Should a guest use their credit card to pay for something at a hotel, for example – be it a room reservation, spa treatment or coffee – PCI DSS applies to that purchase.
Why is PCI DSS Compliance so important?
Hotels and bed and breakfast properties have been key targets of data breaches for many years – and there is one main reason for this: credit card payments.
A study by Trustwave’s SpiderLabs showed that of 218 data breach investigations from 24 countries, 38 percent of the attacks occurred on hotels and, of the data stolen, 98 percent was credit card information.
It’s not enough to have an SSL certificate on your website, or to rely solely on third-party payment services such as PayPal or Google Checkout to handle your guests’ credit card security. Each program you use must be securely locked down.
After all, sensitive data can be intercepted at any point in your guests’ booking process. For example, if your online booking system vendor is not PCI compliant, one of their wayward employees could easily decide to steal credit card data. This is why PCI DSS standards were invented.
PCI DSS compliance is not a ‘nice-to-have’, but an absolute necessity. A security breach not only damages your reputation, but it could potentially wreak havoc on the lives of your guests, and cost you a significant amount in the way of data breach fees.