3 Things to Ask Your Payment Partners Before Your Next Investment
What should hospitality operators look for in payments providers to support flexible and secure payment strategy?
LAURA KIRBY-MECK: Hospitality operators should seek out payment solutions providers that offer comprehensive solutions, including the protection of data at rest, data in flight, and card-present fraud. Payment providers should be current on all card brand certifications, mandates, and compliance, while also offering easy-to-use solutions.
Payment security is complex. It involves network and infrastructure at the hotel / restaurant, training, hardware and software. It cannot be “one or the other” -- it has to fully engage every aspect of the business that could possibly touch the Internet, card data, and the operator’s systems.
When a hospitality operator reaches out and seeks to engage in planning its strategy, the provider should be able to run through a series of questions that include the operator’s level of comfort with risk, charge backs, and data. Once the payment security provider has a solid picture of the operation, the provider will be able to make strong recommendations to the operation on how best to secure its site.
Recent reports indicate that card-present fraud has dropped with the rollout of EMV in the U.S. What is the next phase for EMV?
KIRBY-MECK: There is a misconception that EMV is the nirvana in payment card security, when in reality it is only one element (albeit a key element) of strong security. Having EMV capability in conjunction with tokenization and point-to-point encryption allows hospitality operations the ability to protect their customers on multiple levels. EMV was developed to provide a level of validation and protection for card-present fraud only. EMV does not protect either the consumer or the operator if there is a breach at the point of swipe, or if there is clear data resting in the POS / PMS.
Improving data and payment security remains a top strategic goal for both hotels and restaurants. How should operators work with payment partners to take the burden on here?
KIRBY-MECK: Improving data and payment security is a top goal for many in hospitality. When operations are working with payment partners, there are a few things to consider:
- PCI, compliance and card brand mandates are not going away. It is important to stay current on compliance and mandates to avoid costly fines and downgrades. Make sure you are protected by using tokenization, Point-to-Point Encryption, and EMV solutions.
- Each security measure protects your data slightly differently: tokenization (data at rest), Point-to-Point Encryption (data in flight) and EMV (care present fraud). Think of it as your security three-legged stool.
- Most importantly, be sure you remain current on the latest solutions your payment security and POS/PMS providers offer. Keeping systems and software up to date is important for not only having the latest features and functions, but for maintaining security and avoiding or resolving bugs.
What technology advancement do you think will have the greatest impact on the payments space?
KIRBY-MECK: One of the biggest trends that will likely have a direct impact to payment security and compliance is the significant influx of millions of contactless cards into the U.S. market this year combined with a very strong push by both Visa and MasterCard to promote contactless payments for both speed and security. Both card brands are introducing specific authorization success sounds and symbols for chip readers to play and display to confirm to the cardholder that the tap-to-pay transaction was successful. As more and more contactless cards enter the market, we expect to see an increased demand for consumer-facing PIN pads that will accept EMV contactless payments from both contactless cards and smartphones.
