Time is running out for hotels, restaurants and other organisations that handle credit card payments to make their IT systems compliant with a new security standard, experts have warned.
In less than three months, the Payment Card Industry, which represents credit card companies, will bring in the PCI Data Security Standard (DSS) to help safeguard customer data.
But there are fears that many smaller operators, in particular, will not be ready for the 30 June deadline and could face fines.
The PCI DSS sets requirements for the monitoring and storage of credit card information to four levels of security, depending on the volume of credit card transactions being handled.
Firms with large numbers of transactions are required to monitor closely all access to stored credit card information, and they can be audited quarterly at a cost of up to £10,000 a time to ensure best practice is adhered to.
Seana Pitt, chair of the PCI Security Standards Council, told Caterer sister title Computer Weekly: "Everyone has a role to play in keeping sensitive payment data secure."
She urged operators to be aware of where credit card data was being stored, and to eliminate non-essential data.
"Companies should look to ensure that sensitive authentication data is not stored in their systems. They should scope their system to know where their data resides, become familiar with the PCI DSS and create action plans to become compliant," said Pitt.
By Cliff Saran
E-mail your comments to Cliff Saran](mailto:firstname.lastname@example.org?subject=INSERT HEADLINE HERE) here.