UD co-hosts conference on payment card security
Cihan Cobanoglu
UDaily is produced by Communications and Marketing
The Academy Building
105 East Main Street
University of Delaware
Newark, DE 19716 • USA
Phone: (302) 831-2792
email: ocm@udel.edu
www.udel.edu/ocm

8:33 a.m., Feb. 20, 2009----The University of Delaware's Department of Hotel, Restaurant and Institutional Management, in conjunction with the Unified Compliance Framework and HospitalityLawyer.com, hosted the second Payment Card Industry (PCI) Compliance in Hospitality Conference on Feb. 9 at the Houston Convention Center in Texas.

THIS STORY
Email E-mail
Delicious Print
Twitter

Cihan Cobanoglu, UD associate professor of hospitality information technology, with the help of Dorian Cougias, chief executive officer of Unified Compliance Framework, organized the conference to spread awareness towards PCI Data Security Standards (DSS), which have 12 requirements that merchants, regardless of size, must comply with. Failure to fully comply with the PCI DSS can lead to significant financial costs and business consequences.

Cobanoglu said computer security and keeping guest information safe and secure is a major challenge in the hospitality industry, and this conference helps address the task at hand throughout the industry.

“We hear about a different credit card breach every single day and most of them happen in a hotel or restaurant,” Cobanoglu said. “This conference comes in handy, where IT and legal professionals come together and discuss these challenges.”

Cobanoglu said because PCI compliance can be achieved through the coordination of operators, IT professionals and legal team members, this year's conference was held in conjunction with the Hospitality Law Conference.

Bob Nelson, chairperson of UD's Department of Hotel, Restaurant and Institutional Management, opened the conference by addressing the importance of PCI compliance to the 71 professionals in the hospitality information technology industry who were in attendance.

“PCI compliance is the biggest information management issue to ever face our industry,” Nelson said. “This conference brings together individuals who are on the front lines of the issues arising from PCI compliance. I dare say that, given the clout of the individuals gathered here today, and the currency of PCI compliance, we have a historic opportunity to shape the issue and our industry's preparedness for it. Indeed, I think it is our duty to do so. I challenge all of you to be up to that challenge. Take the information from this conference back to your companies and make them better.”

The keynote speaker at the conference was Troy Leach, technical director of the PCI Standards Security Council, who spoke about what those in the industry need to know about PCI from his point of view.

Charles Hoff, Georgia Restaurant Association general counsel, presented the PCI compliance challenges of Georgia restaurateurs. Hoff said PCI DSS are becoming foremost in the concerns of restaurateurs because of the liabilities involved and was glad that UD was taking a leading role in confronting this troublesome issue.

“I applaud Cihan, Bob, and the University of Delaware in terms of taking a proactive stance and making sure restaurant owners know what PCI compliance is and what their contractual obligations are, before they could potentially run into trouble,” Hoff said. “It's a vital service they're providing.”

Jeff Parker, vice president of technology at Magnolia Hotels, presented lessons learned in the field in a roadmap to PCI compliance and how to not repeat mistakes in the future.

Parker said that 95 percent of revenue at Magnolia comes from credit card transactions, and it is critical to protect customers' financial data.

“I think PCI compliance is the single largest issue for the hospitality field,” Parker said. “We should all get focused on getting this resolved. Credit card security has to be paramount.”

Other speakers included Chris Schwartzbauer and Kim Fors of Shavlik company, who discussed ways to prepare for an audit; David Navetta from InfoSecCompliance, who discussed ways to bridge the communications divide between information technology, risk and legal departments; and Scott Brow, an attorney from Skadden, Arps, Slate, Meagher, & Flom, who discussed how to handle security breach notifications and legal implications of being non-compliant.

Because this conference was such a great success, Cobanoglu said there will be four regional conferences around the country within the next year, the first of which will be taking place in June in the Baltimore/Washington, D.C. area.

Article by Jon Bleiweis

close