VRMA

    PCI Compliance: Essential for Protection


    With yearly increases in web crime, customers continue to be nervous about giving credit card information online. In 2014, over 38 percent of major security breaches were in the travel and hospitality sector*. Providing your guests with reassurance on what happens to their information is a boost to your vacation rental company.
     
    But it’s not only your customers who need protection. Any property management company handling credit card information is a target for cybercrime, which can lead to financial loss through fines, court cases and compensation, significant embarrassment and damage to your hard-earned brand. So property management companies need to protect themselves too, but how?
     
    Protect Credit Card Information
    There are various techniques for preventing web crime. One way is to have rules on how companies can store information. The PCI Security Standards Council is a global body that puts forth security standards for account data protection. The Payment Card Industry Data Security Standard (PCI DSS) was produced in 2004 and has been regularly updated since. It has 12 key points that any company that stores, processes or transmits credit card information must follow. In the coming months, PCI plans to make changes to the PCI Data Security Standard in response to new breaches and threats to security, which will make for essential reading for your holiday rental company.
     
    Here are the 12 points of the Data Security Standard:


    [Image: the 12 points of the PCI Data Security Standard]

    While there are only 12 points, each point opens multiple layers of investigation, work and—sometimes—cost. The process of being PCI compliant is neither simple nor short, and yet any company that receives money through credit cards may have to go through the PCI process and should complete a self-assessment questionnaire found on the PCI website.
     
    What does a property management company have to do?
    There is no simple answer. A company must undertake a rigorous review to identify its processes, resolve issues, report and then repeat this process regularly. Fortunately, there are a variety of technical solutions which can reduce the strain.
     
    Some aspects are easier to identify and change, such as “Do not use vendor-supplied defaults for system passwords...” Jeremy King, international director of the PCI Security Standards Council, recently reported that “The most popular password is still 123456.” Passwords require thought and regular planning to be more effective, but this can be done internally.
     
    Some aspects are more complex, such as “Protect stored cardholder data”. This involves who has permission to access data, all aspects of hardware and access, data retention and deletion processes, encryption, and storage regulations.
     
    A good introduction to the details of PCI DSS requirements can be found here:
    https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_1.pdf

    Is there external help?
    There is no fix-all solution and your company may need to involve a number of different companies in addition to using your own internal resources in order to become, and stay, PCI compliant.
     
    In the hospitality industry, some major portals are leading the way by making mandatory rules for vacation rental software providers which ensure that information is transmitted and stored in a PCI compliant way.
     
    Some password managers provide unique passwords for secure access to your software. Other technical companies provide security analysis to find, remove and prevent malware from your rental property websites, add firewalls and find weaknesses in the software.
     
    Stay Protected
    Once the process has been completed, however, your customers and your company are protected, with some great benefits, including:
    • the responsibility of information storage is no longer a burden
    • the risk of credit card data being hacked from the agency's data storage and resold, leaked or used as leverage is reduced
    • the risk of fines, embarrassment or prosecution for data theft or not being compliant is diminished
    • your customers' credit card information is safe.
     
    For more on PCI standards, check the site and the library full of up-to-date information.
    www.pcisecuritystandards.org

    *Source: 2015 Data Breach Investigations Report by Verizon
     
     
    Kelly Odor is the communications manager at Avantio and is passionate about providing industry-leading property management software to clients. Avantio’s software aims to increase the market visibility of our customers' holiday rental property portfolio in order to increase bookings and revenue, and decrease the time spent on the day-to-day management of property portfolios.
     
    Avantio is passionate about providing industry leading property management software to its clients. Avantio’s software aims to increase the market visibility of its customers' holiday rental property portfolio in order to increase bookings and revenue, and decrease the time spent on the day to day management of property portfolios. Avantio provides vacation rental software, a channel manager with connections to 50+ vacation rental partner portals worldwide and state-of-the-art, mobile-friendly holiday rental websites for professional property management agencies. It is a preferred partner with HomeAway and has recently launched a full API XML connection with Airbnb.

     
     