KROST Quarterly Magazine: The Hospitality Issue - Volume 2 Issue 2

RISKY BUSINESS:

Safeguarding Your Most Valuable Assets

By Steve Chhuor, CPA
Manager - Assurance & Advisory

Most businesses understand that accepting card payments is an option that attracts customers who need a quick and easy payment option. The shift of payments from cash to card is a trend many businesses are accepting as the norm. In fact, some businesses have moved towards a cashless model and only accept credit cards. However, credit cards also expose businesses and cardholders to cybersecurity risks, as credit cards hold a wealth of valuable financial information. So how are businesses protecting cardholder data from falling into the wrong hands?

What is PCI?

As part of an effort to protect cardholder data, the Payment Card Industry Security Standards Council (PCI) was founded by American Express, Discover, JCB International, Mastercard, and Visa. PCI created the PCI Data Security Standards (PCI DSS), which is a set of security standards designed to assist businesses that accept, process, store, and/or transmit card payment information in maintaining a secure environment. All businesses that accept or process card payments, regardless of business size or the number of card payment transactions, are required to comply with the PCI DSS. Failure to comply with these standards can result in hefty penalties and fines with the possibility of revoking payment card acceptance privileges. It is important to remember that the focus of PCI DSS is to protect cardholder data, not protect the organization as a whole.1

PCI and the Hospitality Industry

In the hospitality industry, cardholder data is highly targeted and should be a high priority during an organization’s risk assessment. Cybersecurity should be a business-wide focus to provide protection to the organization and its employees. Business owners should view cybersecurity as a valuable best practice for business, rather than a compliance issue. Businesses face increasing cybersecurity threats and vulnerabilities as they seek to increase efficiencies through the optimization and implementation of technology. The hospitality industry is a large target for cybersecurity breaches since businesses maintain consumer data, such as credit card information, in their system. In 2018, Verizon reported that 90% of all breaches occurring in the hospitality industry were related to point of sale intrusions. These intrusions were often done through hacking and malware, and 93% of the time the data compromised was card payment information.2 For businesses, checking PCI compliance to ensure that PCI data security standards are being met and reviewing cybersecurity policies and procedures are excellent ways to ensure businesses are up to date on the industry’s best practices.
