Time is running out for hotels, restaurants and other organisations that handle credit card payments to make their IT systems compliant with a new security standard, experts have warned.
In less than three months, the Payment Card Industry (PCI), which represents credit card companies, will bring in the PCI Data Security Standard (DSS) to help safeguard customer data.
But there are fears that many smaller operators, in particular, will not be ready for the 30 June deadline and could face fines. The PCI DSS sets requirements for the monitoring and storage of credit card information to four levels of security, depending on the volume of credit card transactions being handled.
Firms with large numbers of transactions are required to monitor closely all access to stored credit card information, and they can be audited quarterly at a cost of up to £10,000 a time to ensure best practice is adhered to.
Seana Pitt, chair of the PCI Security Standards Council, said: "Everyone has a role to play in keeping sensitive payment data secure. Companies should look to ensure that sensitive authentication data is not stored in their systems. They should scope their system to know where their data resides, become familiar with the PCI DSS and create action plans to become compliant."
The British Hospitality Association said it was aware of the impending changes and would be urging members to ensure their IT systems were compliant.
Separately, a number of hospitality businesses were believed to have been affected by a technical glitch at credit card giant Visa last Friday, which meant payments could not be processed.
Visa said that not all its transactions across Europe were rejected, and that some countries were affected more than others.
By Daniel Thomas