Change Region

You're on our English website. Change your region to see information for another location.

Understanding PCI compliance and how it affects your business

Welcome to RMS Cloud

We noticed you’re from the United States

If you accept or process payment cards, PCI DSS applies to you.

Many business owners struggle to wrap their heads around Payment Card Industry (PCI) security compliance. What is it? Why do I need to be compliant? What happens if I’m not?   

In this article, we’ll talk about why PCI compliance is important to your business and how RMS PAY helps you achieve it.  


In this article:

What is PCI compliance?

You might hear us use the term ‘PCI compliance’, which stems from the technical and operational requirements set by the Payment Card Industry Security Standards Council. The council’s founding members who set the standards are none less than AMEX, JCB, Discover, Mastercard and VISA, and some of the standards they’ve designed for you - the merchant - are called Data Security Standards (DSS). “If you accept or process payment cards, PCI DSS applies to you”, as stated in their reference guide, and it is the global standard for all merchants.  

PCI in Australia

In Australia, AusPayNet is an active contributor to financial standards set by the International Organisation for Standardisation (ISO) and is an affiliate member and contributor of the PCI. The Reserve Bank of Australia (RBA) released a set of expectations for merchants in which they must meet the minimum security requirements compliant with the Payment Card Industry Data Security Standard (PCI DSS) for transactions that tokenise and store card payments (i.e. online payments, terminal payments).  

What is PCI designed to do?

The Data Security Standards are designed to protect individuals against data breaches and consequential credit card fraud. It’s not 100% foolproof, but it’s a best practice the payment industry provides to mitigate risk as much as possible. Above all else, it’s about investing in the protection of your valued guests, to ensure their information doesn’t fall into criminal hands by way of your property.  

Why you need to meet PCI DSS standards

Businesses that store, process and/or transmit cardholder data - including payment gateways like RMS PAY - must comply with PCI DSS. These requirements apply to all payment acceptance channels including retail (brick-and-mortar), mail and telephone order (MOTO) and online.  

 By adopting RMS PAY, you don’t have to worry about being PCI compliant, because we do that for you.  

If you don’t meet PCI DSS standards or you’re not sure if you do, you will need to complete one or more of the following validation tasks: 

  • Self-assessment questionnaire 
  • Vulnerability scan 
  • On-site review with an assessor 
How to meet PCI DSS standards

With a mixture of digitally secure payment software like RMS PAY and employing best practices, you’ll be able to meet PCI compliance standards without having to make drastic changes to the way you operate.  

Let’s use an example. If a guest calls up to make a booking and you ask them to read out their card details, you just broke compliance. If you proceed to enter that card number into your terminal/PMS manually, you just broke compliance. If you didn’t have your PMS open and you wrote that card number down on paper, you broke compliance.  

However, if a guest called up to make a booking and you said, “I’ll send you an SMS payment link now, I can stay on the phone while you do it”, you’d be getting paid, you’d be certain your guest was legitimate, and you’d be – you guessed it – PCI compliant.  

PCI compliance standards are designed to eliminate payment methods that are highly susceptible to fraud, and unfortunately, that may include your usual way of doing things. But with a little best practice and a powerful payment gateway like RMS PAY at your side, you’ll be PCI compliant, and you’ll be adopting more efficient ways to take payments.  

What happens if you don't meet PCI DSS standards

Not meeting compliance standards for card payments holds a number of damaging outcomes for businesses and their guests, such as: 

  • You could be hit with significant fines 
  • You could face legal action 
  • You could lose your reputation and the trust of your guests  
  • Your revenue could be impacted as a result of damage to your reputation 
  • You could be subjected to time-consuming and costly federal audits in the aftermath of a data breach 
  • Your guests could have their credit card information leaked and be impacted by fraud 


So, in answer to your questions, if you intend to continue taking and processing payments at your property, whether you like it or not you do need to be PCI compliant and meet data security standards. You can do that in many ways as we’ve discussed, but the easiest way is to do it by adopting RMS PAY, the PCI-compliant payment gateway designed for hospitality that’s natively integrated into RMS’s hospitality management cloud.

That way, you can continue to manage your property all in one place without worry, doing the right thing for your guests and your business. 


Related reading