Type of Submission

Refereed Article


Payment card transactions have become an essential part of hotel operations. The purpose of this study is to explore the procedure, approximate the cost, and describe the real-life hotel experience of becoming PCI-compliant in order to provide guidelines and approximate expenses for recently opened hotels and for existing ones that are not PCI-compliant. A case study approach was used. One hotel located in the Northeast part of the U.S. agreed to participate in this study. It is a limited-service, 120-room hotel, a major-brand franchisee operated by a management company. The data were collected by the researchers through a structured interview with the general manager of the hotel. Findings indicated that the cost of being PCI-compliant is not easy to calculate, as many of the costs were integrated into typical costs of the hotel such as the franchise fee and IT budget. Findings also suggested key elements every hotel is required to invest in to become PCI-compliant, among them secure PMS/POS systems with firewalls and anti-virus software, and protected Internet networks. There are also some particular procedures (e.g. changing passwords, limiting access to cardholders’ information, etc.) that a hotel needs to follow, along with necessary training for employees and potentially monitoring and controlling systems.