Violates PCI Data Security Standard (Score 1)
Any hotel chain that does this is in violation of the Visa Payment Card Industry Data Security Standard. Notably Sections:
3.4: "Render sensitive cardholder data unreadable anywhere it is stored (including data on portable media, backup media, in logs..."
Requirement 4: Encrypt transmission of cardholder and sensitive information across public networks.
Requirement 9: Restrict physical access to cardholder data. Any physical access to data or systems that house cardholder data allows the opportunity to access devices or data, and remove systems or hardcopies, and should be appropriately restricted.
Note that these Payment Card Industry (PCI) Data Security Requirements apply to all Members, merchants, and service providers that store, process or transmit cardholder data. Additionally, these security requirements apply to all "system components" which is defined as any network component, server, or application included in, or connected to, the cardholder data environment.
Violations of the Visa PCI Security Standard can result in the institution being fined and potentially losing the ability to process future credit card transactions. Fines are generated when an audit of theft of information shows non-compliance by the company. Fines range into the hundreds of thousands of dollars.
The PCI Data Security Standard has been adopted by Visa/Mastercard and in similar forms by Discover and American Express.
I wonder where the PCI auditors are with checking for this.
Anyone who wants to catch up on the Visa PCI Data Security Standard can do so here: http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html