Protecting Guests, Protecting Reputations: The Risks of Not Securing Guest Transactional Data
By James Filsinger Chief Executive Officer, EZYield | September 25, 2011
In a world where everyone is increasingly engaged with online transactional systems, it is readily apparent that the convenience afforded by live information sharing and online payment services must be balanced and underscored by a solid security framework. In the hotel sector, where card payment technology to book rooms and for actual transactions during guest stays is common, it becomes a much higher priority. Smart hoteliers can combat this risk by adhering to the Payment Card Industry Data Security Standard (PCI DSS).
PCI compliance is a hot issue especially in the world of reservation processing. As the online travel industry moves away from manual data entry towards automated reservation delivery, many hotels and vendors are finding themselves having to comply with data protection standards that rival those that need to be met by governments and international banks.
The need for security compliance in the hospitality sector was recently highlighted by Trustwave, a Visa Qualified Forensic Investigator (QFI), who stated, "research investigated more than 210 card compromise incident investigations, of which 38% occurred in the hospitality sector."(1) This figure is alarming, and highlights the particular vulnerabilities the hotel sector faces around guest data security and how attractive the sector is to hackers.
For too long, the hotel sector has been viewed as a soft target by hackers seeking to steal guest data. While some hoteliers are taking guest data security seriously, there are still too many operators using inadequate technology and processes to fully protect data. Indeed, even in sectors where it is thought that a PCI DSS would be level one, this isn't always the case, and we've seen fairly simple security flaws highlighted earlier this year with attacks on Citigroup, Sony and security company, Lockheed Martin.(2)
Any breach of data security is serious, and can have severe consequences in terms of loss of revenue, but also for the business's reputation and customer loyalty. It goes without saying that no guest wants to risk staying at a hotel if they are not confident that their personal information is safe. As a result, it is more important than ever to reassure customers that there are solid security measures in place to protect their information through online booking tools and when using credit cards within the actual hotel.