Last year, the hospitality industry became the most targeted industry for data breaches according to Trustwave's Global Security Report 2010. The situation has grown in such a way that recently, one of the largest hospitality industry associations put forward guidance on how to take simple steps to secure payment card data within the industry.

When you bring up data breaches within the hospitality industry, common reactions are, “I heard encryption will protect us.” or “Tokenization will immediately make us compliant.”
Sorry. It simply doesn’t work that way. There is no silver bullet to “auto-magically” make you secure.

While many organizations have tried to combat fraud and protect sensitive information through technology or processes, there is a third pillar— people—that must be included in order to be truly successful at securing card data.

This is an area where the PCI Security Standards Council can help.

The PCI Security Standards are designed to protect payment card data within merchant and service provider environments and require appropriate measures to protect any systems that store, process and/or transmit cardholder data. The PCI Security Standards Council manages these standards and provides resources to help you secure your data.

Education plays such an important role in securing your data that we added a new PCI Awareness training to our offerings: a high-level basic introduction to PCI open to anyone who wants to learn and understand what PCI Data Security Standard (DSS) is, its impact on an organization and the importance of PCI compliance.

PCI is not a finance issue, or an IT issue, or a risk issue—it is cross functional and it fundamentally relies on people driving it. Our hope is that with awareness, organizations can ensure that they build a base level of understanding on how to best protect cardholder data across different business areas.

This is truly the core of the people aspect of security.

Education is the first point of interaction and interdiction against payment card fraud. The more educated your employees are about proper handling of payment card data, the more secure your organization becomes. Training—whether it is your quality security assessor, your internal IT staff or your everyday employee—on the importance of practicing security through the PCI standards every day is what will ensure ongoing security and help you on your journey to compliance.

If you are not sure where to begin, please take advantage of the Council’s resources on our website. Our quick reference guide is a great place to start for understanding PCI and the standards. Additionally, we’ve got resources ranging from advice for small merchants to technical papers on proper deployments within large organizations.

People, processes and technology must work in tandem to secure your organization moving into the coming year and the deployment of the new standards. Training is a fundamental way for you to get the people pillar of your security process in place and working effectively to keep you secure.

Bob Russo brings more than 25 years of high-tech business management, operations and security experience to his role as the general manager of the PCI Security Standards Council. Russo guides the organization through its crucial charter, which is focused on improving data security standards for merchants, banks and other key stakeholders involved in the global payment card transaction process.