For The Defense
The Payment Card Industry Data Security Standards (PCI DSS), developed by the PCI Security Standards Council, are a set of 12 requirements that are designed to create a minimum level of secure data management practices for banks and vendors that accept and process payments using payment cards. Most retail and hospitality companies process hundreds to thousands of payment card transactions each day, yet many of these companies do not comply with these standards. Even worse, many of the companies that are not compliant do not even realize it.
Retail and Hospitality Organizations Are Attractive Targets
Retail and hospitality companies are extremely attractive, data-rich targets for cyber-criminals, and it is important that their leaders and lawyers know why. Hospitality and retail companies are now, more than ever, providing interactive guest experiences. As advances in technology increase that interaction, they also increase the number of entry points into these companies and the companies’ vulnerability. By their nature, these companies have a higher transaction frequency than companies in many other industries. High transaction turnover is valuable to cyber-criminals because more transactions mean more opportunities. Payment card data collected in transit is active, so it is more likely to be valid and is more valuable to cyber-criminals than older stored data. Another point to consider when weighing the value of these industries’ data is that hospitality and retail companies process expendable income transactions more often than companies in other industries.