Introduction
Payment card transactions have become an essential part of hotel operations ([4] Cobanoglu, 2007; [13] Hobson and Ko, 1995; [15] Levin and Hudak, 2009; [23] Tenczar, 2008; [26] Volpe, 2009). It is difficult to imagine a hotel operating and competing in the market without accepting credit cards. Even though cashless payments provide particular advantages for both customers and merchants, they also bring threats of information vulnerability and security breaches. The hotel industry has been very attractive to hackers because of the traditionally weak computer and network security practices employed by hotels ([6] Cobanoglu and DeMicco, 2007). In the USA, "upwards of 55% of credit card fraud comes from the hospitality industry" (Cougias as cited in [11] Haley and Connolly, 2008, p. 1). Given that hotel properties are responsible for protecting their guests, "one should view information security as an invaluable and expected guest service" ([8] Connolly and Haley, 2008). Owing to this, security issues should be properly addressed in hotels. One of the ways to do so is to comply with the Payment Card Industry Data Security Standards (PCI DSS). This set of requirements was originally developed by the major credit card issuing companies (Visa, MasterCard, American Express, Discover, and JCB) to establish the security of credit card processing and cardholders' information. The current PCI DSS version, 1.2, requires all companies accepting payment cards to be PCI-compliant. Even though PCI compliance does not provide a 100 percent guarantee against data security breaches, failure to comply leaves more opportunities for hackers to commit fraud and steal sensitive information. However, until PCI compliance is mandated by a consistent set of laws across the entire USA, some companies still fail to comply ([25] Visa Inc., 2009).
This paper explores the main barriers and key issues that hotel industry professionals face during the PCI compliance process. The study will help to understand weaknesses and gaps in the PCI compliance process within the hotel industry, providing a foundation for developing strategies and methods to address those issues in the future.
Review of literature
PCI DSS is a set of rules that introduces the requirements for all companies that accept credit cards ([8] Connolly and Haley, 2008). Recently, to process credit card...