NB: This is a guest post by Merchant Link, providers of security and support for credit card transaction and payment systems.
Day Two: Easy things you can do that cost little or no money
Merchants are easily overwhelmed when it comes to achieving PCI compliance and securing credit card information.
Most already know that they must do more when it comes to protecting their customers’ data, but most feel they don’t have the time or money to do it properly.
Still, without security and trust, customers will start to disappear. But let’s be honest - hotel owners and operators are not security experts.
In today’s economy, most operators are more concerned with keeping their doors open.
So as the PCI Council continues to add more steps and requirements to the standards, most of these operators clearly aren’t able to spend the time, resources nor do they have the expertise to ensure that they are compliant.
So let’s start with some easy steps that can help you adhere to the standards without costing you too much time or money. These are the basics:
- Block the unwanted: Install a firewall to block unauthorized access to your computer systems. Consumer-grade firewalls require minimal configuration and cost very little.
- Patch your systems: When a POS application or system vulnerability is identified, a patch is typically released by the vendor to protect your systems from being exploited. Most patches can be downloaded and installed automatically and are free.
- Use strong passwords: Change passwords on a regular basis and ensure you are using a combination of letters, numbers, and special characters. Passwords should be easy to remember but hard for others to guess. This is an easy, cost-free security measure.
- Know where the data is: Determine where credit card data is stored on the network. Is there an inventory? When is it essential to have it stored? Most organizations can probably eliminate 50% of credit card data they store. If credit card data is not stored on your systems, the scope of your PCI compliance audit can be significantly reduced.
Using a multi-layered approach to secure critical assets needs to be a priority. If the hotel’s systems are secure, compliance will fall into place.
NB: This is a guest post by Merchant Link, providers of security and support for credit card transaction and payment systems. Follow on Twitter.