Last year, the hospitality industry became the most targeted industry for data breaches, according to Trustwave's Global Security Report. Here's a top-five list of what every hotel, restaurant and resort operator needs to know (and do) about PCI compliance in 2010:
1. If you aren't well versed in it already, get familiar with the PCI DSS. The Payment Card Industry Data Security Standard, or PCI DSS for short, is a set of requirements that every business, regardless of size, must meet in order to accept payment cards. Its purpose is to protect cardholder data and to help prevent card fraud, hacking and other security incidents. The standard is maintained by the PCI Security Standards Council (PCI SSC), founded by the major card brands (American Express, Discover, JCB, MasterCard and Visa), and it is enforced by those brands and your acquiring bank, not by the Council itself.
Merchants fall into four compliance levels under PCI DSS, depending on the number of transactions they process each year and on whether those transactions are taken at a brick-and-mortar location or over the Internet. Your level determines what you must do to validate compliance: the largest merchants need an annual on-site assessment by a Qualified Security Assessor (QSA), while smaller merchants complete a Self-Assessment Questionnaire (SAQ) and, where Internet-facing systems are involved, quarterly external vulnerability scans by an Approved Scanning Vendor (ASV).
PCI compliance for merchants can get a bit tricky: each payment card brand (Visa, MasterCard, etc.) sets its own level thresholds, validation requirements and deadlines. You need to know the PCI compliance deadlines and requirements for each payment card brand you accept.
2. If you're an independent hotel, restaurant or resort, the onus really is on you to become PCI DSS compliant and to validate your compliance through your acquirer for each payment card brand. If you are part of a franchise, reach out to your franchisor to find out whether they have implemented any kind of PCI compliance program for their franchisees or whether they are offering any advice.
3. Research partnerships to ease the burden of PCI compliance. Earlier this year ReServe Interactive, a leader in hospitality management software solutions, selected Element as its PCI DSS compliant solutions partner for its suite of catering, event management, dining reservations and table management software products. Look for partners offering technology such as tokenization and end-to-end encryption, which can reduce the scope of your PCI compliance by keeping clear-text card numbers off your own systems. Bear in mind that these technologies reduce scope rather than eliminate it: any system that still touches card data (a point-of-sale terminal, a front-desk PC, the network they share) remains in scope, and you still have to validate compliance with your acquirer.
4. As of July 1, 2010, merchants (that's you!) using third-party payment application software must be using a version that has been validated against the Payment Application Data Security Standard (PA-DSS). A listing of validated payment applications, by vendor and version number, can be found on the PCI SSC website. (PA-DSS applies to commercially distributed payment applications; software developed in-house for your own use is assessed as part of your PCI DSS assessment instead.)
But don't just stop there if you see your software provider listed - the listing is specific to a product version, so be sure to check that you have actually upgraded to the PA-DSS validated version of the application. If your software provider is not on the list, check with them to see whether they have taken their application out of PA-DSS scope through a hosted payment solution like Hosted Payments, in which card data is entered on and processed by the hosted provider's systems rather than passing through the application on your premises.
If you aren't using a PA-DSS validated application now that July 1 has passed, you risk losing the ability to process credit and debit card transactions - an absolute must for any business in the hospitality industry.
5. In the coming months, be on the lookout for new versions of both the PCI DSS and PA-DSS. They are due out in October, after the annual PCI community meetings in the US and Europe. The PCI standards follow a defined 24-month lifecycle: a new version is published, then runs alongside the current one during a sunrise and sunset period, so that organizations can migrate gradually without their existing implementations being invalidated or falling out of compliance the moment changes are published. Review the summary of changes when it appears, and plan any required updates before the prior version's sunset date.
By Sean Kramer, President and CEO, Element Payment Services
What Every Hotel, Restaurant and Resort Operator Should Know About PCI Compliance