Why Hotels Need To Prioritize PCI Compliance & Staff Training in 2022

The fourth version of the PCI Rules will finally be released in March 2022, according to the latest update from the official PCI Security Standards Blog. The rules will initially be field tested through Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) before publication.

PCI Version 4 and Digital Payments  

As we move into 2022, we are seeing completely new platforms, technology and consumer habits when it comes to payments. For hotel operators, this radical change in traveler behavior, and the shifting demands that come with it, is difficult to navigate.

In a 2020 survey conducted by Skift & Oracle, travelers named digital payments as one of the top three services they demand, the other two being digital check-in and Bluetooth room keys. Since travelers use digital payment tech like Apple Pay, PayPal, Bitcoin and other services in daily life, they expect the same convenience from their hospitality providers.

The sheer pace of technology adoption and travelers' demands for more contactless payment services are giving rise to innovative services like Apple Pay, NFC payments, online payments etc. in hospitality. Apple recently released its enhanced Apple Pay service for hotels, offering multiple benefits to hotel owners and their guests.

A great example comes from the Curator Hotels & Resorts Group, which recently partnered with Canary Technology to introduce a digital authorization system. Guests can now easily make highly secure online payments, while the hotel will experience a 90% reduction in fraud, chargebacks and other operational costs.

Hoteliers will now be responsible for the security of payments and guest payment data. PCI Version 4 will lead the way in giving hoteliers a smoother, more robust, and more reliable set of payment data and processing standards.

PCI V4 Will Strengthen Cyber Security & Guest Data Security Guidelines 

Having the latest payment solutions is great to engage more travelers, but with it comes the increased responsibility of data security and privacy. PCI compliance is a great way for hoteliers to identify insecure elements of the hotel data management strategy. 

Hoteliers can audit important aspects like the access and authorization to data. This critical strategy defines who can access the data and what the authorization rules are to access it. Data breaches are an increasing menace in hospitality in the form of card fraud, phishing, scams, and trojan horse viruses. 

The infamous Starwood Resorts hack was possibly one of the most notable breaches in hospitality. It went unidentified for over 4 years, leading to the loss of 500 million records. Marriott Hotels acquired Starwood Resorts during this time, and had to settle a $130 million lawsuit when the breach was identified.

Hotel operators have the choice to host their data on compliant and secure cloud servers or on physical servers hosted at the property. No matter which option a hotel owner goes with, it is simply essential to have PCI compliant vendors for the job. PCI compliance ensures that the liability of a breach is then removed from the hotel and is the responsibility of the service provider or vendor. 

PCI compliance is not necessarily the digital security and liability management solution for hotels, but it is a great starting point for operators. PCI compliance enables hotel operators and technology managers to formulate a comprehensive digital security strategy. This strategy usually documents essential elements like access & authorization rules, email security, encryption, network security, perimeter security, payment security, staff training, and issue reporting. 

PCI Version 4 to Focus on Hotel Staff Training 

Training is a very important aspect in modern hospitality with staff having to engage with multiple technologies to serve guests. PCI staff training primarily prepares staff to handle payments, secure guest data, enact security policies, and document issues for future analysis. 

Adequately trained staff are prepared to handle emergency events and disaster management more responsively than staff who are not. PCI compliance training equips staff with the ability to avoid card theft, safely handle guest data, understand access & authorization rules, enact encryption, and connect to hotel networks securely.


As the rollout of PCI Version 4 begins, hoteliers must begin the process of applying the existing PCI compliance framework to their assets. Payment services compliance, data security, cybersecurity, and staff accountability remain the major priorities for hotel operators to address in 2022.
