Many hospitality businesses that handle credit card payments are risking fines because they have not made their IT systems compliant with new security standards, experts have warned.
Last month, the Payment Card Industry (PCI), which represents credit card companies, implemented the PCI Data Security Standard (DSS) to help safeguard customer data.
The PCI DSS sets requirements for the monitoring and storage of credit card information at four levels of security, depending on the volume of credit card transactions being handled.
Firms with large numbers of transactions are required to monitor closely all access to stored credit card information, and they can be audited quarterly at a cost of up to £10,000 a time to ensure best practice is adhered to.
But despite the 30 June deadline, awareness among hotels and restaurants is still low, and businesses have been slow to bring their systems in line with compliance standards, according to Nick Chudley, managing director at hospitality IT systems supplier Welcome Computers.
"The danger for hoteliers is that the days have gone where the card issuers will always pick up the tab for instances of fraud," he said. "Now that security standards have been agreed throughout the industry, there will be a way for [card issuers] to pass on the cost of fraud to anyone who doesn't meet these standards.
"The best way for hoteliers to approach this in a positive light is to show their customers that they're protecting them in the same way that they provide locks and safes and access control to protect guests' luggage and valuables," Chudley added.