Hospitality PCI

PCI Compliance

Hospitality PCI (Payment Card Industry) Assessment Testing is no longer just optional but necessary in today's ever-progressing technological society, and, unfortunately, PCI compliance does not always equal security, contrary to what many believe!

Accounts of highly publicized data breaches at PCI-compliant and "seemingly protected" companies are increasing by the day, proving just how critical it is to become as knowledgeable, vigilant, and properly prepared and protected as possible, and we are the company for you!

InfoSight's Hospitality PCI assistance and services will provide you with various protective and preventative methods and resolutions, because another unfortunate truth is that no organization is ever entirely secure, even with strong security measures in place!

The payment card industry is an extremely high-profile and heavily targeted medium, and the techniques of cybercriminals are becoming more and more sophisticated, advanced, and successful! However, with the proper defense measures in place, like the ones we can provide you, businesses can greatly reduce their risk and vulnerability, making it much more difficult for hackers to breach their private networks and data.

What are the requirements of hospitality PCI DSS?
To start off, the PCI DSS states that any merchant that processes, transmits, or stores credit card information must comply with it. That means this standard reaches from the retail location or point of sale to the vendor or merchant that scans the information or processes the card, all the way to the bank that releases the funds. The actual requirements state that any merchant must:
    • Incorporate and maintain one or multiple firewalls on their network
    • Not use vendor-supplied default passwords or configurations on software
    • Protect stored data
    • Encrypt transmission of cardholder data
    • Use anti-malware, anti-spyware, and antivirus software
    • Restrict access to cardholder data on a need-to-know basis
    • Use unique ID configurations for individuals who have access
    • Restrict physical access to files containing cardholder data
    • Track and monitor access to cardholder data
    • Test network integrity and security
    • Develop policies that address IT security

Complementary Services
IT Audit / Compliance Assurance Program
IT Risk Assessment
Enterprise Risk Management