PCI-DSS requirements in the Mauritian Hospitality Industry

Abstract

Property Management Systems (PMS) are Information Systems, which provide for hotel room check-in and checkout, reservations, rooms and revenue management, and many more features relevant to the hospitality industry. An important factor in choosing between a hosted PMS and an on-premise solution is the Payment Card Industry Data Security Standards (PCI DSS) requirements. PCI DSS are widely accepted set of policies and procedures to protect credit, debit and cash card transactions of cardholders against misuse of their personal card data. This paper discusses the study done with regards to the compliance to these requirements in the Mauritian Hospitality Industry, and 25 hotels out of the 107 operational hotels have been surveyed to gather data. Mauritian hotels have been approached for this study as this information is accessible to the authors and there is a homogenous mix of different categories of hotels to give reliable data. A PCI-DSS weightage matrix is proposed to assess the importance of each PCI-DSS requirement for a hotelier; an assessment which can help to decide whether to stay on-premise or to go for a cloud solution. It should be noted that this paper follows from a previous study carried out where the current IT infrastructure of the 25 hotels was analysed and the cost factor for moving to the cloud SaaS model was determined. The focus of this paper is on the PCI DSS requirements. Other factors like total cost of ownership, legal implications and SLAs have not been considered in this study.