Hotel Online
News for the Hospitality Executive

.

advertisement


AH&LA Leads to Ease Hotel Credit Card Compliance Burdens

Letter to Payment Card Industry Security Standards Council Outlines Important
Changes to Help Safeguard Guest Data and Reduce Compliance Costs

Washington, D.C., June 19, 2009 –  In an effort to create more transparency and clarity in how data security standards are developed, the American Hotel & Lodging Association (AH&LA and several other trade associations recently sent a joint letter to the Payment Card Industry (PCI) Security Standards Council outlining guidelines that would make PCI credit, debit, and gift card usage more effective and cost-efficient.

Hotels and restaurants are taking the initiative to reduce costs of credit card compliance, while continuing to protect their guest’s privacy.  One estimate found that PCI compliance costs American businesses in excess of $1 billion each year.   However, the industry is concerned about unfair and burdensome rules when complying with the data security program used by the five major credit card companies.  

“Credit card compliance costs are part of doing business in our industry,” said AH&LA President/CEO Joseph A. McInerney.  “This action by AH&LA and others is an important step towards insuring that the payment means used by a majority of our guests is secure, and that our members’ compliance requirements are not burdensome, costly, or unnecessarily complex.”

AH&LA’s June 8, 2009, letter recommended that in order to achieve these efficiency goals the following changes be implemented:

  • Incorporate a formal review and comment phase on revisions to the PCI regulations by members before the changes are issued, similar to the process used by the Accredited Standards Committee X9, a data security standards committee of the American National Standards Institute (ANSI).  
  • Ensure the amount of time between the issuance of a PCI standards revision and its effective date is appropriate for all merchants to comply.
  • Adopt the X9 Committee’s plan to develop a new encryption standard to protect cardholder data.
  • Reduce the reporting and maintenance burden on companies by restructuring the 200 detailed requirements of the present PCI standards.
  • Require credit card companies and banks to provide merchants with simplified recordkeeping requirements for authorization code retention, instead of continuing to require merchants to store credit card information for dispute resolution.
AH&LA and the other associations have said that if the PCI Council members do not heed their concerns, there are other options available including legislative action in Congress, or regulatory changes.

“Security is a top priority in our hotel’s transactions with our customers,” said Kevin Maher, AH&LA’s senior vice president of governmental affairs.  “AH&LA is working to clarify on how these standards are enforced, created, and communicated.”

The letter was sent by the American Hotel & Lodging Association, National Retail Federation, National Restaurant Association, National Council of Chain Restaurants, Association for Convenience & Petroleum Retailing, Merchant Advisory Group and the International Franchise Association.

Serving the hospitality industry for nearly a century, the American Hotel & Lodging Association (AH&LA) is the sole national association representing all sectors and stakeholders in the lodging industry, including individual hotel property members, hotel companies, student and faculty members, and industry suppliers. Headquartered in Washington, D.C., AH&LA provides members with national advocacy on Capitol Hill, public relations and image management, education, research and information, and other value-added services to provide bottom-line savings and ensure a positive business climate for the lodging industry. Partner state associations provide local representation and additional cost-saving benefits to members.  For more about AH&LA, visit www.ahla.com.

.
Contact:

Robert Baylor
rbaylor@ahla.com 

 

.
.
Also See: Ensuring Credit Card Security via PCI Compliance: What Hotels Need to Know / September 2006
..
.
..

 

.

To search Hotel Online data base of News and Trends Go to Hotel.OnlineSearch
Home | Welcome| Hospitality News | Classifieds| One-on-One |
Viewpoint Forum | Industry Resources | Press Releases
Please contact Hotel.Onlinewith your comments and suggestions.