Accommodation Knowhow
The Pink Booklet Online

Visa issues guidance on data protection

Last Updated: 13 Sep 2010

Visa recently released some guidance on data protection titled ‘Hospitality Breaches on the Rise’, which shows how criminals target hotels and gives tips on how to protect data and comply with the Payment Card Industry Data Security Standard (PCI DSS).

According to Trustwave, a global provider of IT security and compliance, the hospitality business accounted for 38% of all data security breaches in the last year, double that of financial services. This is mainly because hotels can have payment systems that are more complex than those of other businesses, which in turn makes it more difficult to be PCI DSS compliant.

With this in mind, Visa and Trustwave, along with leading hotels, have developed a list of recommendations to help the industry protect itself more efficiently, which include:
  • Change vendor-supplied default passwords to custom ones on both Hotel Management Systems and Point of Sale systems
  • Disable NULL sessions, which allow unauthenticated connections to a Windows computer
  • Install and maintain a firewall
  • Assign a unique ID to each person accessing the system
  • Monitor all access to network resources and cardholder data

Visa is also giving advice on new technologies – such as data encryption and tokenisation – which can help achieve PCI DSS compliance and protect customer data more effectively. More information can be found on the Visa website.