1. Introduction and Aim
Presently, innovative technology has enabled business firms to serve customers at a global level and to provide them with different kinds of services in both the goods and service industries. Additionally, technology allows companies to manage the flow of information within the firm. Information technology is the collection of products and services that help convert data into useful and easy-to-use information (Ip, Leung and Law 2011, p. 534). It helps increase the operational efficiency and productivity of an organization. It also helps develop the skills of employees and leads to the growth of service and manufacturing companies.
The IT industry provides many services, such as networking, testing, database development, security services, operational support, system architecture, documentation, application development, etc. It can also serve as an important source for e-governance, as it provides easy access to information. In this direction, the hospitality industry is also implementing different technologies to strengthen its performance and serve global customers (Nikolis 2008). Although the use of different technology applications in the hospitality industry helps save time and complete work within a definite time period, it has also created several issues for the industry (Collins and Cobanoglu 2008, p. 77). The main focus of this report is to explore the emerging technological issue that has a significant impact on the management of business firms operating in the hospitality industry.
All firms operating in the hospitality industry have implemented different software applications to administer their activities and serve their clients and guests in a better way. However, an emerging issue in this industry is which technology or software application offers strategic value to the company (Perini 2011).
2. Research Objectives
The main focus of this report is to explore the emerging technological issue of PCI compliance and its impact on the management of business firms in the hospitality industry. To achieve the aim of this report, it is imperative to develop some objectives, which are as follows:
- To explore a theoretical framework for PCI DSS.
- To analyze the role and importance of PCI DSS in the hospitality industry.
- To offer recommendations to the hospitality industry to improve its ability to comply with PCI standards and to resolve the technological issues, so as to strengthen the strategic abilities of the company.
3. Literature Review
Recently, technology has become very complicated. Adoption and implementation of a new system or software application should be based on an analysis of the different strategic factors and issues associated with the technology. As the hospitality industry is continuously growing, information technology plays an integral role in its success in serving customers across the globe (Hunter 2009, p. 52). According to Ip, Leung and Law (2011, p. 537), it is essential for organizations to assess technological issues, because a lack of technology experience and a lack of understanding of the software application will lead to negative results in the long term. This section of the report explores the different emerging issues related to technology in the hospitality industry and their implications for the future of the industry.
3.2. Clarity about the Concept of Payment Card System Data Security Standards:
In this technological era, where human life has become technological rather than social, payment cards have replaced cash transactions in the buying process (Haley, Connolly and Cobanoglu 2009, p. 1; Levin and Hudak 2009). PCI DSS can be defined as a set of rules and instructions that sets out the requirements for all business firms that accept credit cards and other payment cards (Lorden 2009). Thus, it is essential for firms to comply with the PCI standards to assure the security of consumers' data and information (McMillan 2009).
It has been asserted by Tenczar (2008) and Lorden (2009) that, as the hospitality industry serves global consumers, it is difficult to manage transactions without using payment cards such as credit cards, debit cards, all kinds of stored-value cards, etc. Additionally, cashless payment offers different advantages to both the company and consumers. Having a payment card has become a status symbol for individuals in society. According to Cobanoglu (2007), in the hospitality industry, where guests book the services of hotels, airlines and tourism firms over their websites, through telephone conversations, etc., payment cards enable them to pay for the services and book all the facilities in advance without going to the company’s office or branch.
According to the PCI compliance requirements, firms should implement the following practices (Cobanoglu 2008):
- Installation of a firewall configuration, so that cardholder data can be protected.
- Avoiding the use of vendor-supplied defaults for passwords and other security parameters.
- Encryption of cardholder data across public networks.
- Regular updating of antivirus software to avoid viruses and other threats.
- Implementation of secure systems and software applications.
- Assigning a unique ID to each guest.
- Restriction of physical access to cardholder information, etc.
In order to implement the PCI DSS process, it is essential for firms to include different participants, such as the companies that issue credit cards, the PCI security standards council, banks, etc. (Connolly and Haley 2008). Furthermore, Connolly and Haley (2008) have stated that in the hospitality industry it is the responsibility of firms to protect their guests and their assets; thus, management should treat the security of customers' personal and financial information as an invaluable activity, which is expected by all guests.
3.3. PCI DSS and Hospitality Industry:
PCI compliance has become an integral part of managing the operations and strategic activities of the hospitality industry at a global level (Tenczar 2008). If firms in the hospitality industry do not comply with PCI standards, it will be a serious obstacle to their success in the industry. In order to implement all these standards in the industry, business firms should think very cautiously about some important points, which are:
- Poor implementation of high-speed internet access technology to serve hotel guests is a danger to their security. High-speed internet access connects with the property management system. According to Haley and Connolly (2008, p. 8), due to poor integration of these two systems, a hacker can reveal information about cardholders and their accounts.
- In order to manage operational activities and serve guests in a better way, hotels implement several applications and software systems, both internally and externally (Connolly and Haley 2008). These may include different applications such as point-of-sale systems, electronic locks, central reservation systems, accounting, PMS, website booking engines, etc. All these systems should be installed very carefully; otherwise, they can expose cardholders' information to hackers. Thus, hospitality firms should understand the nature and complexity of these applications before implementing them, to ensure a high level of security for guests and their information. Moreover, firms should also examine whether the applications provided by vendors are compliant with the PCI DSS regulations, so that management can reduce the chances of information vulnerability (Berezina 2010, p. 220).
- Hotel management should also concentrate on the data that is received from external systems. Thus, firms need to refine the data that is collected through the global distribution system during the reservation of guests' services. This is important to minimize the chances of information being stolen (Collins and Cobanoglu 2008, p. 275).
- Another unique point that hotel management should consider is the culture of shared log-ins, which can make it a problem for management to secure data. It is essential for management to use different log-ins for different guests to protect their information. Additionally, there should be restrictions on easy access by vendors, so that hackers cannot interfere in the company's systems and the chances of information leaking are minimized (Haley, Connolly and Cobanoglu 2009, p. 4).
3.4. Organizational Needs of PCI DSS Compliance:
There are several reasons behind the increasing number of data breaches and the poor security systems in firms, which are as follows:
- Reductions in software and equipment to protect data: Due to the lack of innovative security software applications and measures, it is difficult for hotels to maintain a high level of security standards.
- Labour shortage and cutbacks: In order to increase profitability while keeping operating costs to a minimum, hotel management has reduced staff and tries to improve productivity with less labour. This is because hotels are ignoring the serious concern of data breaches, which is affecting the front line of the industry in a negative manner.
- Multiple entry points for customers: Customers make reservations for different hotel services through multiple channels, such as websites, travel agents, postal mail, online reservation portals, e-mail, etc. All these channels have their own risks, and it is really difficult to protect consumers at a global level through a single security application (Berezina 2010, p. 227).
- Additionally, broad and easy access to data and other internet applications, an insecure culture, poor networking, etc. are some other reasons behind data breaches and the low standard of security in the hospitality industry (Bkrenek 2011). Thus, there is a need for the hospitality industry to comply with PCI DSS.
Thus, as per the discussion above, it can be concluded that PCI DSS has a significant role for business organizations, mainly in the hospitality industry. PCI compliance at all levels of the hospitality industry, so that all operations are managed securely, has become a critical issue. It is essential for offering financial stability to firms as well as for improving the credibility of the industry in the global market. Without implementing the payment card system, it is not possible for the hospitality industry to serve consumers at a global level. Although PCI compliance is not a single solution that prevents security breaches 100%, it is significant in securing information to a high extent. Implementation of innovative technological solutions is needed to become successful across the globe. Thus, the issue of PCI DSS compliance is also significant for the hospitality industry.
Ignoring PCI DSS can create several threats for companies and harm their market image. A lack of standard security measures will lead to a negative image of the hotel, and customers would not use the hotel's services. This would ultimately reduce the strategic value of the firm's other operations. Additionally, compliance with PCI DSS would offer several opportunities to the hospitality industry, such as safe and secure transactions and competitive advantage for companies.
According to the above discussion, compliance with PCI DSS also minimizes the risk of security breaches and information vulnerability, which ultimately decreases legal costs and improves financial stability. Furthermore, PCI compliance also allows the hospitality industry to carry out safe and secure third-party transactions. If this PCI issue is not resolved by the hospitality industry, it will become a serious concern in the future; thus, firms should improve their networking practices.
5. Recommendations for the Hospitality Industry
In order to resolve the problem of data breaches and information vulnerability, it is essential for the hospitality industry to improve its networking practices and applications. Some suggestions are as follows:
Implementation of Privacy Culture for Guest: There should be a culture of guest privacy throughout the organization. By implementing a privacy culture, it would be easy to explain to guests that their information is safe and that the chances of a data breach are minor. The culture of privacy can be executed through sound documentation and by maintaining different security and ethical codes (Tenczar 2008).
Elimination of Records: In order to resolve the issue of security breaches, companies should also eliminate all paper records of payment cards and guests' personal information. Hotel management should use computer systems with a different login and password for each entry. Management should also avoid the use of common login details (Perini 2011).
Recruiting Qualified and Talented Staff in the field of IT: In order to execute PCI DSS, there is a need for experienced and knowledgeable personnel in the hotel. Thus, firms should recruit candidates who are qualified in this area and who have the knowledge to use system software applications.
Introduction of Adequate Training Programs for the Staff: Compliance with PCI DSS also depends upon an understanding of the concept. In order to improve the staff's knowledge of PCI standards and the significance of payment card security, hotel management should give training to the staff. This training would also be helpful in developing a security culture in the firm (Nikolis 2008; Lorden 2009).
Developing Mutual Understanding between Vendors and Top Management: Successful compliance with PCI DSS is based on the combined efforts of the hotel, staff, top management and vendors. There is a need to develop mutual understanding between vendors and the top management of the firm. Hotel management should also offer some benefits to the vendors, so that they can provide security measures for payment cards, as these applications are not developed in house by the hotel (Berezina 2010, p. 230).
Apart from all these suggestions, hospitality firms should also concentrate on implementing secure networking applications and firewall protection, creating awareness in the hotel about PCI compliance and its significance, giving a different ID to each customer, involving banks and card companies, implementing on-site IT departments, etc. All these actions would help the hospitality firm avoid security breaches and improve its ability to manage secure transactions and protect customers' data.
- Berezina, K. 2010. Top issues in PCI DSS compliance in hotels: an exploratory study. Journal of Hospitality and Tourism Technology, 1(3), pp. 218-233.
- Bkrenek 2011. Data breaches make the hospitality industry less hospitable. [Online]. Available at: http://www.experian.com/blogs/data-breach/2011/11/16/data-breaches-make-the-hospitality-industry-less-hospitable/ [Accessed on 25 January 2012].
- Cobanoglu, C. 2007. PCI what? Hospitality Technology. [Online]. Available at: http://hospitalitytechnology.edgl.com/columns/PCI-What-55300 [Accessed on 25 January 2012].
- Cobanoglu, C. 2008. Understanding PCI version 1.2. Hospitality Technology. [Online]. Available at: http://hospitalitytechnology.edgl.com/columns/Understanding-PCI-Version-1-255338 [Accessed on 25 January 2012].
- Cobanoglu, C. and DeMicco, F. 2007. To be secure or not to be: this is the question! A critical look at hotel’s network security. International Journal of Hospitality and Tourism Administration, 8(1), pp. 43-59.