Document Comparison

PCI_AccorHotels_VigiTrust_Case_Study_-v03.pdf → PCI_Small_Merchants_Case_Study_-_Accor_and_VigiTrust.pdf
60% similar
2 → 2 Pages
1574 → 1552 Words
16 Content Changes

Content Changes

Added p. 1
Why did Accor choose VigiTrust? Accor: Working with the right partner is essential to the success of our PCI DSS program.

The relationship with VigiTrust spans nearly a decade. We first met VigiTrust at their PCI European Roadshow in June 2011. They impressed us by highlighting the need to demystify PCI DSS for target audiences, prompting us to think about how we could customize a PCI DSS program for the hospitality industry. Their PCI Compliance program tailored for the hospitality industry, now available on VigiOne, has been evolving with ours over the years. We first engaged VigiTrust in 2012 for PCI DSS eLearning for 15,000 users. We further customized this for our hospitality needs over the years, leading up to a full, two-part customized program released in 2013 and incorporated PCI Risk assessment and Vendor Risk Management questionnaires into the platform.

CASE STUDY PCI DSS Programs for Small Merchants What makes a …
Removed p. 1
Why did AccorHotels choose VigiTrust? AccorHotels: Working with the right partner is essential to the success of our PCI DSS program. We first met VigiTrust at their PCI European Roadshow in June 2011. They impressed us by highlighting the need to demystify PCI DSS for target audiences, prompting us to think about how we could customize a PCI DSS program for the hospitality industry. Up to that point, all the programs we had found were very generic. To be successful, we felt the program needed to be aimed at specific PCI DSS issues facing the hospitality industry.
Modified p. 1
CASE STUDY PCI DSS Programs for Small Merchants THE MERCHANT AccorHotels is the largest hotel operator with a network of 4,300 hotels in 100 countries distributed through a hotel portfolio of 25 hospitality brands from luxury to economy.
CASE STUDY PCI DSS Programs for Small Merchants THE MERCHANT Accor is the largest hotel operator with a network of 5,000 hotels in 110 countries distributed through a hotel portfolio of 39 hospitality brands from luxury to economy.
Modified p. 1
AccorHotels also has new businesses in private rental, co-working, concierge services, dinning & events and digital solutions, with 25,000 employees whose commitment and passion is helping Accor reinvent hospitality.
Accor also has new businesses in private rental, co-working, concierge services, dining & events and digital solutions, with 300,000 employees whose commitment and passion is helping Accor reinvent hospitality.
Modified p. 1
For more information visit: http://www.accorhotels.com THE SOLUTION VigiTrust is an award-winning provider of SaaS Governance Risk Compliance (GRC) solutions with users in over 120 countries. VigiTrust enables large organizations, their subsidiaries, franchise operations and wider enterprise networks, to achieve and maintain compliance with legal and industry security frameworks including PCI DSS, GDPR and HIPAA. This is done through the provision of an education, compliance validation and compliance management solution.
For more information visit: http://www.group.accor.com THE SOLUTION VigiTrust is an award-winning provider of SaaS Governance Risk Compliance (GRC) solutions with users in over 120 countries. VigiTrust enables large organizations, their subsidiaries, franchise operations and wider enterprise networks, to achieve and maintain compliance with legal and industry security frameworks including PCI DSS, GDPR and HIPAA. This is done through the provision of education, compliance validation and compliance management solutions.
Modified p. 1
For more information visit: http://VigiTrust.com CASE STUDY PCI DSS Programs for Small Merchants: Making PCI DSS “Business As Usual” in large, multinational, distributed environments How AccorHotels and VigiTrust help thousands of hotels achieve and maintain compliance with PCI DSS Let’s hear from the merchant and the partner provider.
For more information visit: http://VigiTrust.com CASE STUDY PCI DSS Programs for Small Merchants: Making PCI DSS “Business As Usual” in large, multinational, distributed environments How Accor and VigiTrust help thousands of hotels achieve and maintain compliance with PCI DSS Let’s hear from the merchant and the partner provider.
Modified p. 1
What PCI DSS program management challenges do you face? AccorHotels: AccorHotels comprises more than 25 brands of hotels of all types and sizes in over 100 countries. The group includes owned and managed hotels and franchisees. At the AccorHotels Group, compliance efforts are spread across different teams and business units including security/compliance, country offices, local management and other lines of business. Coordinating these efforts is challenging, and central to this is the need to educate merchants, get them onboard with …
What PCI DSS program management challenges do you face? Accor: Accor comprises more than 39 brands of hotels of all types and sizes in over 110 countries. The group includes owned and managed hotels and franchisees. At the Accor Group, compliance efforts are spread across different teams and business units including security/ compliance, country offices, local management and other lines of business. Coordinating these efforts is challenging, and central to this is the need to educate merchants, get them onboard …
Modified p. 1
What kind of PCI DSS compliance program was needed? AccorHotels: Facing the challenges AccorHotels had with PCI DSS compliance on scale, we knew we needed a comprehensive multinational, multidimensional, and multicultural PCI DSS program to support our network of hotels. We needed a program that would have value-add to help our merchants achieve and maintain compliance.
What kind of PCI DSS compliance program was needed? Accor: Facing the challenges Accor had with PCI DSS compliance on scale, we knew we needed a comprehensive multinational, multidimensional, and multicultural PCI DSS program to support our network of hotels. We needed a program that would have value-add to help our merchants achieve and maintain compliance. Secure payments throughout the merchant organization is the end game - for hotels this includes reception, restaurants, bars, gyms, spas, shops. It was also important …
Modified p. 1
What does ‘value-add’ mean when it comes to a PCI DSS compliance program? VigiTrust: The real value add for merchants is access to plain-English business-driven security advice so they can easily implement and maintain good security practices. Secure payments throughout the merchant organization is the end game - for hotels this includes at reception, restaurants, bars, gyms, spas, shops. Providing education through eLearning and access to user-friendly procedures helps merchants understand why payment security is important and what’s involved. Additionally, …
What does ‘value-add’ mean when it comes to a PCI DSS compliance program? VigiTrust: The real value added for merchants is access to plain-English business-driven security advice so they can easily implement and maintain good security practices. This is done through VigiOne, an award winning Integrated Risk Management (IRM) SaaS solution. Providing education through eLearning and access to user friendly, procedures helps merchants understand why payment security is important and what’s involved. Additionally, easy access to all PCI DSS SAQs, …
Modified p. 1
We first engaged VigiTrust in 2012 for PCI DSS eLearning for 15,000 users. We further customized this for our hospitality needs in the next two years, leading up to a full, two-part customized program released in 2013. From the outset, we found VigiTrust to be a flexible partner that could adapt to our needs and work with us to develop a tailor-made PCI DSS training solution for AccorHotels.
From the outset, we found VigiTrust to be a flexible partner that could adapt to our needs and work with us to develop tailor-made PCI DSS training solution by Accor hotels.
Removed p. 2
CASE STUDY PCI DSS Programs for Small Merchants What makes a good PCI DSS compliance portal? VigiTrust: A good portal benefits those that work with merchants (such as acquirers, franchises, service providers, etc.) by providing all parties full visibility on the effectiveness of PCI DSS programs. By reporting not only on program completion but also on exceptions, program managers can help those merchants struggling to understand and implement good security practices, and that need help moving toward compliance.

A good portal also needs to facilitate a ‘Business as Usual’ approach to PCI DSS. Entities need to implement “always present” security - not just strive to be compliant at the time of an annual assessment. Security is a journey, not a destination. Supporting an organization’s continuous PCI DSS compliance must therefore be the primary objective of the portal.

Finally, a good PCI DSS compliance portal is customized to address the nuances of …
Modified p. 2
• I remove CVVs from e-mails using the Action => Edit option

• I print Adobe Acrobat PDF files and make CVVs unreadable

AccorHotels Payment Autorisation Form

• I only use the AccorHotels PAF for TARS-non-supported booking requests

• I never ask for a photocopy of a payment card to guarantee a reservation

Email & Fax

• I deal with fax right upon receipt and shred immediately

• Alternatively, I lock faxes into the Reservations cabinet

ID & Passwords
• I remove CVVs from e-mails using the Action => Edit option

• I print Adobe Acrobat PDF files and make CVVs unreadable

SecurePAYbyLink

• I use SecurePAYbyLink for all TARS*-non-supported booking requests (*TARS=The Accor Reservation System)

• I never ask for a copy/scan of a payment card to guarantee a reservation

Email & Fax

• I deal with fax right upon receipt and shred immediately

• Alternatively, I lock faxes into the Reservations cabinet

ID & Passwords
Modified p. 2
• I inspect my EPTs daily and keep them stored in a safe location
• I inspect my EPTs daily and keep them stored in a safe location

• When working on night shift, I inspect all EPTs daily and record the audit into the Zero Pinpoint Inventory tool

IRP & SIR (Incident Response Plan & Security Incident Response)
Modified p. 2
• I know how to detect a system security incident and I immediately react on it

Shredder

• I destroy cardholder data using a shredder to make it unrecoverable when it is no longer needed for business or legal reasons

Security Policy

• I am aware about our company security policy and best practices and comply with them at all times

Security Awareness Training
• I am aware about my responsibility regarding cardholder data and about the importance of confidentiality

• I know how to detect a system security incident and I immediately react on it

Shredder

• I destroy cardholder data using a shredder to make it unrecoverable when it is no longer needed for business or legal reasons

Security Policy

• I am aware about our company security policy and best practices and comply with them at all times

Security Awareness Training
Modified p. 2
• I store merchant tickets/receipts in a locked cabinet/ drawer
• I store merchant tickets/receipts in a locked cabinet/
Modified p. 2
PCI DSS - SECURITY POLICIES FOR FRONT OFFICE Payment Card Industry Security Standards Council, LLC www.pcisecuritystandards.org
PCI DSS - SECURITY POLICIES FOR HOTEL FRONT DESK / RECEPTION Payment Card Industry Security Standards Council, LLC www.pcisecuritystandards.org