How to gain a five star security reputation in hospitality

January 10, 2024

Practical steps for pivoting to PCI DSS v4.0 to improve compliance

Achieving and sustaining compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a daunting challenge for hotels because they handle many complex payment business cases. For example, consider the numerous new booking options and services to improve the customer’s experience during the reservation process and their stay. Also, debit and credit card payments represent 80% of the industry’s customer payment methods, and it can be difficult to master and protect the stream of payment data running through the business. Applying a well-defined or planned out security approach can help to empower your organization with the necessary tools and knowledge to fulfil the PCI DSS requirements while also building a sustainable PCI compliance program. This approach should help usher in a successful transition to PCI DSS version 4.0 in order to meet the March 31, 2024, deadline, when v3.2.1 is set to expire.

Do you know all your payment channels and credit card flows? 

Considering the complexity of debit and credit card use cases in the hospitality industry, finding the right approach for transitioning to PCI DSS v4.0 can be difficult for an industry that must address changes from the corporate to the franchise level in a timely manner. 

Complexity has increased with the introduction of smartphones and digital wallets as well as the significant reduction of in-person cash payments. For example, in France 60% of payments are made using a debit or a credit card[1]. Indeed, hotel customers can now book their stay via the corporate website, online travel agencies such as www.booking.com or www.expedia.com, or hotel applications on their smartphones, in addition to traditional payments at the payment terminal located at the front desk of the hotel. Also, new digital payment channels are available to customers during their stay: they can book a cab right after selecting and paying for the lunch menu with the hotel application or applications managed by third parties such as www.karhoo.com or www.resdiary.com. These payment evolutions impacting the hospitality industry require special PCI DSS v4.0 compliance steps.

Four recommended steps in the PCI DSS v4.0 transition

Step 1: Locate, identify and document all the credit card flow in the organization, as stated by the following requirements applicable to all entities subject to PCI security compliance: 

1.2.4 An accurate data-flow diagram(s) is maintained that meets the following:

• Shows all account data flows across systems and networks.

• Updated as needed upon changes to the environment.

12.5.1 An inventory of system components that are in scope for PCI DSS, including a description of function/use, is maintained and kept current.

12.5.2 PCI DSS scope is documented and confirmed by the entity at least once every 12 months and upon significant change to the in-scope environment.

(See the PCI Security Standards Council (SSC) Requirements and Testing Procedures, Version 4.0 March 2022.) 

Step 2: As an organization that is subjected to PCI DSS compliance, step 2 of your compliance project is to prepare for the update as soon as possible by knowing your compliance status and level, and select the date of your next assessment. 

Compliance with the PCI DSS demonstrates to customers and third parties that security controls required by the PCI Standards are in place in order to safeguard their confidential data and mitigate the risk of a credit card data breach. The required security controls include, but are not limited to, security policy and process documentation, secure data storage and transmission, development and application security, access control, network isolation, and service providers and third-party management. 

Your organization likely is facing one of two choices: Either maintain your current PCI security compliance while implementing the new applicable requirements or invest in a new project and implement all the PCI security requirements of PCI DSS v4.0. Different FAQs available on the PCI SSC website can help you navigate this big change: If this is your initial PCI DSS assessment, as defined in the PCI SSC FAQ 1485,  your “entity has never undergone a prior PCI DSS assessment that resulted in the submission of a compliance validation document.” In this case, “PCI DSS requirements are expected to be in place at the time of the assessment.” If you are already PCI security compliant, all expected requirements should be in place by the date of your next assessment. Indeed, as per FAQ 1328, after March 31, 2024, PCI DSS v4.0 will be the only active version. Note that your current certification will not expire at the beginning of April, as per PCI SSC FAQ 1565. 

Understand why compliance is crucial for your business and its stakeholders to determine the right sponsorship and resource allocations for your project. In the hospitality industry, hotels are either corporate or franchise entities. This situation creates complexity since, for the customers, the corporate entity is also responsible for the payment card data processed by the franchise organization. One key success factor in this type of large organization is to implement the right governance model by assigning clear roles and responsibilities for the implementation and maintenance of the requirements. This approach is not only a good practice but also a requirement since the new version of the standard puts some emphasis on business-as-usual compliant processes, as stated in the Payment Card Industry Data Security Standard Requirements and Testing Procedures, Version 4.0, March 2022:

12.1 A comprehensive information security policy that governs and provides direction for protection of the entity’s information assets is known and current.

12.4 PCI DSS compliance is managed.

12.4.1 Additional requirement for service providers only: 

Responsibility is established by executive management for the protection of cardholder data and a PCI DSS compliance program to include: 

• Overall accountability for maintaining PCI DSS compliance. 

• Defining a charter for a PCI DSS compliance program and communication to executive management.

Step 3:  Formally assigning roles and responsibilities is step 3 of the security compliance project, with a PCI security compliance manager in charge of the coordination and follow-up of all required tasks. Customers in this industry frequently have a PCI security compliance manager position at the corporate level supported by local PCI contacts responsible for coordinating the local implementation of the PCI security compliance program. 

The hospitality industry relies a lot on payment and property management system service providers, IT infrastructure service providers, and cloud providers in order to maintain and provide payment channels. It’s important to outline the responsibility of each party for the implementation of each requirement through a signed contract. Requirements 12.8.2 and 12.8.5 of the standard clearly support this approach, since written agreements are mandatory along with a responsibility matrix: 

12.8.2 Written agreements with TPSPs [third-party service providers] are maintained as follows:

• … with all TPSPs with which account data is shared or that could affect the security of the CDE [cardholder data environment].

• … acknowledgments from TPSPs that they are responsible for the security of account data the TPSPs possess or otherwise store, process, or transmit on behalf of the entity, or to the extent that they could impact the security of the entity’s CDE.

12.8.5 Information is maintained about which PCI DSS requirements are managed by each TPSP, which are managed by the entity, and any that are shared between the TPSP and the entity.

In the hospitality industry, franchises are often seen as third-party service providers.  The property owner using the franchisor’s brand name also should participate in the compliance program of the franchisor and demonstrate their compliance. This could be achieved through appropriate compliance documentation depending on the number of card transactions processed locally. The compliance document can be either a Report on Compliance (ROC) or the appropriate self-assessment questionnaire (SAQ). The appropriate management of the relationship with the service providers is very important; it represents a huge workload that should be done diligently.  

PCI DSS v4.0 comes with a lot of technical challenges. It’s important to understand them and know the ones that are applicable to your environment. Let’s explore some examples: 

Multifactor authentication (MFA) technology: Requirement 8.4.2

MFA is implemented for all access into the CDE.

Multifactor authentication technologies are now mandatory for all personnel with access to the credit card environment. This requirement is a challenge due to the number of front desk agents with access to the credit card data on the booking systems. This requirement also has an impact on the Property Management System (PMS) used to manage payment at the front desk. It can be quite a challenge to implement this feature if it’s not supported by the PMS used in the hotel. Many hotels use Opera PMS, Sihot PMS or some Cloud PMS. 

Security of payment page scripts: Requirement 6.4.3

All payment page scripts that are loaded and executed in the consumer’s browser are managed as follows:

• A method is implemented to confirm that each script is authorized.

• A method is implemented to assure the integrity of each script.

• An inventory of all scripts is maintained with written justification as to why each is necessary.

The appropriate solution should be used in order to identify, list and protect all the scripts used on the different payment pages in the business environment. 
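One way to check a payment page against a script inventory in the way Requirement 6.4.3 describes, as an added example that is not part of the original article: it flags scripts missing from the inventory and scripts whose served content no longer matches the approved hash. The URLs, script bodies, inventory format and function names are constructed for illustration, and SHA-384 Subresource Integrity hashes are an assumed integrity method, not one the requirement names.

```javascript
const crypto = require("node:crypto");

// Subresource Integrity value (sha384, base64) for a script body.
function sri(body) {
  return "sha384-" + crypto.createHash("sha384").update(body, "utf8").digest("base64");
}

// Pull src/integrity from each <script> tag. A regex is enough for this
// constructed page; use a real HTML parser on production markup.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const attr = (name) => {
      const m = attrs.match(new RegExp(`\\b${name}\\s*=\\s*"([^"]*)"`, "i"));
      return m ? m[1] : null;
    };
    scripts.push({ src: attr("src"), integrity: attr("integrity"), inline: body.trim() });
  }
  return scripts;
}

// Compare every script on the page with the inventory (hypothetical format:
// src, approved integrity hash, written justification).
function auditPaymentPage(html, inventory, served) {
  const bySrc = new Map(inventory.map((e) => [e.src, e]));
  return extractScripts(html).map((s) => {
    // Inline scripts have no URL, so they are identified by their content hash.
    const key = s.src ?? "inline:" + sri(s.inline);
    const entry = bySrc.get(key);
    if (!entry) return { script: key, status: "unauthorized" };
    if (!entry.justification) return { script: key, status: "no-justification" };
    if (s.src === null) return { script: key, status: "ok" };
    if (s.integrity !== entry.integrity) return { script: key, status: "integrity-attr-mismatch" };
    if (sri(served[s.src] ?? "") !== entry.integrity) return { script: key, status: "content-changed" };
    return { script: key, status: "ok" };
  });
}

// Constructed sample data: script bodies as currently served.
const SERVED = {
  "https://pay.hotel.example/js/checkout.js": "submitCard();",
  "https://psp.example/v3/fields.js": "renderFields(); /* v3.1 */", // changed after approval
  "https://tags.example/t.js": "track();",
};
// Constructed inventory: hashes were recorded when each script was approved.
const INVENTORY = [
  { src: "https://pay.hotel.example/js/checkout.js", integrity: sri("submitCard();"),
    justification: "Submits the booking payment form" },
  { src: "https://psp.example/v3/fields.js", integrity: sri("renderFields();"),
    justification: "Payment provider hosted card fields" },
];
// Constructed payment page with two inventoried scripts and two that are not.
const PAGE = `
<script src="https://pay.hotel.example/js/checkout.js" integrity="${INVENTORY[0].integrity}" crossorigin="anonymous"></script>
<script src="https://psp.example/v3/fields.js" integrity="${INVENTORY[1].integrity}"></script>
<script src="https://tags.example/t.js"></script>
<script>console.log("debug")</script>`;

for (const f of auditPaymentPage(PAGE, INVENTORY, SERVED)) {
  console.log(f.status.padEnd(24), f.script);
}
```

Running the audit on every release and on a schedule ties the inventory to what is actually served, which also supports the scope review in Requirement 12.5.2.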

Step 4: Know and understand your technical environment and the challenges that your organization will face in order to implement the applicable new requirements. 

Conclusion

Hotels are receiving a major makeover these days—and not just with the room decor. New payment models are challenging PCI DSS compliance in new ways. Organizations are on a journey in which it’s important to clearly know the starting point and the destination. PCI DSS version 4.0 brings solutions but also many challenges that require your organization to identify key concerns as well as an appropriate means for resolving them. Breaking down complex issues into smaller manageable ones is the best approach for such projects. Having a step-by-step methodology is essential for successfully implementing the new requirements in your organization. 

Start by understanding all of the business cases and payment flows in your organization. The second milestone of the journey is to know your current PCI security compliance status and plan the next assessment. Then, formally assign roles and responsibilities with a PCI security compliance manager in charge of the coordination and follow-up of all required tasks. Finally, set up a compliance organization and program before undertaking all the technical challenges related to your IT environment.

[1]https://www.banque-france.fr/system/files/2023-08/Banque_de_France%20-%20Strat%C3%A9gie_mon%C3%A9taire%20-%20rapport_annuel_de_lobservatoire_de_la_securite_des_moyens_de_paiement_2022.pdf

O’Pa-Gnou Félix Grebet is a senior consultant, PCI QSA, CISM, CISA in Verizon Cyber Security Consulting, France. 

Copyright for syndicated content belongs to the linked Source : CIO – https://www.cio.com/article/1288972/how-to-gain-a-five-star-security-reputation-in-hospitality.html
