Top issues in PCI DSS compliance in hotels: an exploratory study

Purpose – The purpose of this paper is to explore the main barriers and key issues that the hotel industry professionals face during the Payment Card Industry Data Security Standards (PCI DSS) compliance process. This paper will help to understand weaknesses and gaps in the PCI compliance process within the hotel industry that will provide a foundation to develop strategies and methods to address those issues in the future. Design/methodology/approach – The paper presents an exploratory study using a two‐stage design. The first stage of the study was designed utilizing the Delphi technique to identify the issues that take place in the PCI compliance process in hotels. After analyzing the results of the first stage of the study, a list of PCI issues was compiled and incorporated in the web hosted questionnaire. In total, 30 hotel executives participated in the second stage of the study providing their evaluation of the importance of the identified PCI compliance issues. Findings – A list of 20 PCI compliance issues that hotel executives face during the process was compiled as an outcome of the first stage of the study. The second stage of the study showed high‐financial cost of implementing and maintaining, lack of qualified staff, inadequate staff training, ambiguous terms in PCI DSS language, and lack of vendors' support and compliance to be the top five issues in PCI compliance in hotels. Originality/value – The paper provides a useful insight into the issues that take place in the hotel industry during the PCI compliance process. This field has not been studied well in the literature. This paper presents the problems in PCI compliance that need to be addressed in order to make the process more efficient and effective.